NVD Vulnerability Details: CVE-2025-41255
Awaiting Analysis
Source: 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
Published At: 25 Jun, 2025 | 10:15
Updated At: 26 Jun, 2025 | 18:58

Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Weaknesses
CWE ID: CWE-266
Type: Secondary
Source: 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
References
Hyperlink: https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655
Source: 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
Resource: N/A
Hyperlink: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling
Source: 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
Resource: N/A
Hyperlink: https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A
Hyperlink: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A
Change History
0 changes found