CVE-2014-3925

Name: CVE-2014-3925
Creator: NVD / NIST
Published: 2014-06-01T04:29:34.923+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.15%

Last modified Jun 17, 2026

CVE-2014-3925 is a vulnerability of currently unknown severity. sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.. EPSS estimates a 2.15% chance of exploitation in the next 30 days.

Description

sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.

Metrics

EPSS Probability

2.15%

79.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-255

Affected Software

Vendor	Product	Versions
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	15.04
Canonical	Ubuntu Linux	15.10
Redhat	Sos	<= 1.7

References

Timeline

Published: Jun 1, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-3925?

How severe is CVE-2014-3925?

Severity scoring for CVE-2014-3925 is pending analysis. The EPSS model estimates a 2.15% probability of exploitation in the next 30 days.

How do I fix CVE-2014-3925?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-3925?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST