Subiquity CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-0555	1 Canonical	1 Subiquity	2025-08-26	8.4 High
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
CVE-2023-5182	1 Canonical	1 Subiquity	2024-11-21	5.5 Medium
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
CVE-2020-11932	1 Canonical	1 Subiquity	2024-11-21	2.3 Low
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.

Page 1 of 1.