CVE-2025-6224
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the network in plaintext, an attacker listening on that network could sniff the certificate and trivially extract the private key from it.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Canonical | Juju utils | 4.0.1 <= 4.0.3 | affected |
Weaknesses
- CWE-312: CWE-312 Cleartext Storage of Sensitive Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.