Linux Passwords Warning — 2 Critical Vulnerabilities, Millions At Risk

Millions of Linux users are facing a major security threat. Recently discovered critical local information disclosure vulnerabilities in two popular Linux operating systems have left experts warning that millions of passwords and encryption keys could be at risk of compromise.

Security researchers from a renowned threat research unit have identified not one, but two, critical vulnerabilities impacting millions of Linux users. The first vulnerability, CVE-2025-5054, affects the Ubuntu core-dump handler known as Apport, while the second vulnerability, CVE-2025-4598, impacts the systemd-coredump handler used in Red Hat Enterprise Linux 9 and 10, plus Fedora.

The Qualys threat research unit has developed proof of concepts for both vulnerabilities across a handful of Linux operating systems. According to Saeed Abbasi, a manager with the Qualys TRU, these vulnerabilities are race-condition variants that can cause errors or unexpected behaviors, which can be critically dangerous if exploited by attackers.

Abbasi warned that exploiting CVE-2025-5054 and CVE-2025-4598 could allow a local attacker to gain read access to core dumps, potentially extracting sensitive data such as passwords, encryption keys, or customer information. He noted that systems with outdated or unpatched versions are particularly vulnerable to these risks.

Abbasi emphasized the importance of patching and increasing access controls to mitigate this risk. For the Apport vulnerability, Ubuntu 24.04 is affected, including all versions of Apport up to 2.33.0 and every Ubuntu release since 16.04. For the systemd-coredump vulnerability, Fedora 40/41, Red Hat Enterprise Linux 9, and RHEL 10 are vulnerable.

Red Hat has issued a statement regarding the Linux password exposure threats. According to the spokesperson, while CVE-2025-4598 is considered a moderate-risk vulnerability, it can result in a malicious actor gaining access to sensitive data via a core dump if certain prerequisites are met. However, Red Hat believes that enterprise IT practices and parallel technologies can mitigate this risk.

Experts urge all Linux users to prioritize patching and increasing access controls to protect their passwords and encryption keys from potential exploitation of these vulnerabilities. By taking proactive measures, users can minimize the risk of falling victim to these critical Linux security vulnerabilities.

What You Can Do:

  • Prioritize patching and updating your operating system to the latest version.
  • Increase access controls to prevent unauthorized access to sensitive data.
  • Monitor your systems for any signs of suspicious activity or vulnerabilities.
  • Stay informed about the latest security updates and alerts from reputable sources.

Conclusion:

The discovery of these critical Linux vulnerabilities highlights the importance of staying vigilant and proactive in protecting your digital assets. By taking steps to patch, update, and secure your systems, you can minimize the risk of falling victim to these vulnerabilities and ensure that your passwords and encryption keys remain safe.