In a significant cybersecurity development, researchers discovered two critical vulnerabilities in the Linux operating system, threatening systems globally. These flaws may allow local attackers to steal password hashes through core dump manipulation.
These vulnerabilities, identified as CVE-2025-5054 and CVE-2025-4598, target core dump handlers in major Linux distributions. Ubuntu is affected through its Apport crash reporting system, while Red Hat Enterprise Linux and Fedora are exposed via systemd-coredump.
The Qualys Threat Research Unit uncovered the flaws. Both are race conditions that let a local attacker manipulate SUID (Set User ID) programs and then read the resulting core dumps, which may include hashed passwords from the /etc/shadow file.
Ubuntu releases 16.04 through 24.04 are affected through Apport versions up to 2.33.0. Fedora 40/41 and RHEL 9 and 10 are vulnerable due to systemd-coredump. In contrast, Debian remains safe by default, as it doesn't include these handlers unless manually added.
Security experts urge system administrators to immediately set the kernel parameter /proc/sys/fs/suid_dumpable to 0, effectively disabling core dumps for all SUID programs. This hardens the system against potential privilege escalation attacks.
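One way to audit and apply the suid_dumpable setting described above, as an added example that is not taken from the Qualys report or any vendor advisory. The PROC_ROOT variable, the function names and the sysctl.d file name are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the core-dump settings relevant to
# CVE-2025-5054 (Apport) and CVE-2025-4598 (systemd-coredump).
# PROC_ROOT is an assumption of this example; it lets the checks run
# against a constructed directory tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print which handler core_pattern pipes dumps to.
core_handler() {
    pattern=$(cat "$PROC_ROOT/sys/kernel/core_pattern" 2>/dev/null) || { echo unknown; return 0; }
    case "$pattern" in
        "|"*apport*)           echo apport ;;
        "|"*systemd-coredump*) echo systemd-coredump ;;
        "|"*)                  echo other-pipe ;;
        *)                     echo file ;;
    esac
}

# Succeed only when SUID programs are prevented from dumping core.
suid_dumps_disabled() {
    value=$(cat "$PROC_ROOT/sys/fs/suid_dumpable" 2>/dev/null) || return 1
    [ "$value" = "0" ]
}

# Return 0 = mitigated, 1 = exposed via an affected handler, 2 = needs review.
audit_coredump() {
    handler=$(core_handler)
    if suid_dumps_disabled; then
        echo "ok: suid_dumpable=0 (handler: $handler)"
        return 0
    fi
    case "$handler" in
        apport|systemd-coredump)
            echo "exposed: SUID core dumps enabled and piped to $handler"
            return 1 ;;
        *)
            echo "review: SUID core dumps enabled (handler: $handler)"
            return 2 ;;
    esac
}

# Apply the mitigation now and persist it across reboots (needs root).
# The file name under /etc/sysctl.d is a hypothetical choice.
apply_mitigation() {
    sysctl -w fs.suid_dumpable=0 &&
        printf 'fs.suid_dumpable = 0\n' > /etc/sysctl.d/99-suid-dumpable.conf
}

case "${1:-}" in --audit) audit_coredump ;; --apply) apply_mitigation ;; esac
```

Run it with --audit to report the current state, or with --apply as root to set and persist the value.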
Qualys also released proof-of-concept exploits, showing how attackers can target the unix_chkpwd process to access unauthorized data.
To prevent future incidents, organizations should consider adopting passwordless authentication, which removes reliance on stored password hashes, mitigating risks from this class of vulnerabilities.
These vulnerabilities can lead to data theft, network compromise, and even regulatory penalties. System administrators must apply security patches and enhance their defenses immediately.
For more technical insight and mitigation steps, read the full report by Pradeep Singh on Security Boulevard.