CVE-2025-68152 Juju — Exploit & Vulnerability Details MEDIUM

CVE-2025-68152

MEDIUM CVSS 4.0: 6.9 EPSS 0.01%

Parameter	Value
CVSS	6.9 (MEDIUM)
Affected Versions	before 2.9.56
Type	CWE-863 (Incorrect Authorization)
Vendor	Juju
Public PoC	No

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju controller can read any log file for any entity in any model at any level. This issue has been patched in versions 2.9.56 and 3.6.19.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-863 Incorrect Authorization

References 3

https://github.com/juju/juju/commit/22cdcf6b54c2f371822e1c203d4f341be6c9589e

security-advisories@github.com

https://github.com/juju/juju/commit/c91a1f4046956874ba77c8b398aecee3d61a2dc3

security-advisories@github.com

https://github.com/juju/juju/security/advisories/GHSA-j6f6-jp3p-53mw

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2025-68153

Juju

7.1

Menu

CVE-2025-68152

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 3

Related Vulnerabilities

CVE-2025-68153

CVE Details

Editor's Choice

Menu

CVE-2025-68152

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 3

Related Vulnerabilities

CVE-2025-68153

CVE Details

Editor's Choice

Stay informed on cybersecurity