CVE-2025-68153

EPSS 0.01%
Veröffentlicht 03.04.2026 15:28:06
Zuletzt bearbeitet 21.04.2026 01:24:01
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Juju: Resource poisoning

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju controller can modify the resources of an application within the entire controller. This issue has been patched in versions 2.9.56 and 3.6.19.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Canonical ≫ Juju Version >= 2.9 <= 2.9.55

Canonical ≫ Juju Version >= 3.6 <= 3.6.18

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.017

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
security-advisories@github.com	7.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/juju/juju/security/advisories/GHSA-245v-p8fj-vwm2

Vendor Advisory

https://github.com/juju/juju/commit/26ff93c903d55b0712c6fb3f6b254710edb971d4

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-68153

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68153

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68153

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-68153