CVE-2025-41255

· Published 25/06/2025 10:15 · Modified 26/06/2025 18:58

Labels: CVE-2025-41255, 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a, 2025-06-25, CWE-266

Essential information

Published: 25/06/2025 10:15
Modified: 26/06/2025 18:58
Author:
Creator:
CVSS: 8.0 HIGH (v3.1)
CISA KEV: No
CWE: CWE-266
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Description

Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing the certificate into the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a

Affected products (CPE)

Product | CPE
cyberduck / cyberduck | cpe:2.3:a:cyberduck:cyberduck:<9.1.6:*:*:*:*:*:*:*
mountain duck / mountain duck | cpe:2.3:a:mountain_duck:mountain_duck:<4.17.5:*:*:*:*:*:*:*
