Exploit for CVE-2025-5054

Name: Exploit for CVE-2025-5054
Rating: 5 (316 reviews)
2025-06-06 | CVSS 4.7
## https://sploitus.com/exploit?id=645FBF4E-1021-5CE1-BDCA-FC237DC386D1
# CVE-2025-5054 Vulnerability Detection Tool

A Python tool to check if your Ubuntu system is vulnerable to [CVE-2025-5054](https://vulners.com/cve/CVE-2025-5054), a race condition in Apport that allows local information disclosure. This tool performs a series of checks to determine your system's status and provides recommendations if you are affected.

---

## Features

- Detects if the system is running Ubuntu and extracts version information
- Checks if Apport is installed and determines its version
- Determines if the installed Apport version is vulnerable (≤ 2.32.0)
- Checks if Apport is configured as the core dump handler
- Verifies mitigation settings (e.g., suid_dumpable)
- Looks for common attack vectors (e.g., SUID/SGID unix_chkpwd)
- Provides a clear summary and actionable recommendations

---

## Requirements

- Python 3.12 or higher
- No external dependencies

---

## Installation

1. **Clone the repository:**

   ```bash
   git clone https://github.com/daryllundy/cve-2025-5054
   cd cve-2025-5054
   ```
2. **Create and activate a virtual environment using [uv](https://github.com/astral-sh/uv):**

   ```bash
   uv venv
   source .venv/bin/activate
   ```
---

## Usage

> **For best results, run as root (sudo) to allow all checks to complete.**

```bash
uv run cve_2025_5054_detector.py
```

Sample output:

```
============================================================
CVE-2025-5054 Vulnerability Detection Tool
============================================================

[*] Checking operating system...
[*] Checking if Apport is installed...
[*] Checking Apport version...
[*] Checking core dump configuration...
[*] Checking suid_dumpable setting...
[*] Checking for unix_chkpwd...

============================================================
DETECTION RESULTS
============================================================
[OS Check] INFO: Ubuntu 22.04 detected
[Apport Check] INFO: Apport version 2.32.0 installed
[Version Check] VULNERABLE: Version 2.32.0 is vulnerable
[Core Pattern] INFO: Apport is configured as core dump handler
[Mitigation] WARNING: suid_dumpable=1 (default, vulnerable)
[Attack Vector] INFO: unix_chkpwd found at /usr/sbin/unix_chkpwd (not SUID/SGID)

============================================================
SUMMARY
============================================================
[!] YOUR SYSTEM APPEARS TO BE VULNERABLE TO CVE-2025-5054

Recommended actions:
1. Update Apport to the latest version:
   sudo apt update && sudo apt upgrade apport

2. As a temporary mitigation, disable SUID core dumps:
   sudo sysctl fs.suid_dumpable=0
   echo 'fs.suid_dumpable=0' | sudo tee -a /etc/sysctl.conf

3. Consider disabling Apport temporarily if updates are not available:
   sudo systemctl stop apport.service
   sudo systemctl disable apport.service
```

---

## License

This project is licensed under the [MIT License](LICENSE).

---

## Credits

Developed by Daryl Lundy