CVE-2025-68153
7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju controller can modify the resources of an application within the entire controller. This issue has been patched in versions 2.9.56 and 3.6.19.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| juju | juju | >= 2.9, < 2.9.56 | affected |
| juju | juju | >= 3.6, < 3.6.19 | affected |
Weaknesses
- CWE-863: CWE-863: Incorrect Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://github.com/juju/juju/security/advisories/GHSA-245v-p8fj-vwm2
- https://github.com/juju/juju/commit/26ff93c903d55b0712c6fb3f6b254710edb971d4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.