Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-4598

Qualys TRU disclosed two race-condition information-disclosure vulnerabilities (CVE-2025-5054 in Apport and CVE-2025-4598 in systemd-coredump) that allow local attackers to extract sensitive data from core dumps of SUID programs; PoCs show theft of /etc/shadow password hashes via unix_chkpwd crashes. Affected systems include Ubuntu (Apport) and Fedora/RHEL 9/10 (systemd-coredump); mitigations include disabling SUID core dumps (/proc/sys/fs/suid_dumpable=0), applying patches, and using Qualys TruRisk Eliminate for rapid mitigation.