{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41255", "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "state": "PUBLISHED", "assignerShortName": "sba-research", "dateReserved": "2025-04-16T09:37:50.630Z", "datePublished": "2025-06-25T09:21:37.479Z", "dateUpdated": "2025-06-25T13:33:27.985Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Cyberduck", "repo": "https://github.com/iterate-ch/cyberduck", "vendor": "iterate GmbH", "versions": [{"lessThanOrEqual": "9.1.6", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Mountain Duck", "vendor": "iterate GmbH", "versions": [{"lessThanOrEqual": "4.17.5", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Thomas Kostal"}, {"lang": "en", "type": "finder", "value": "Andreas Boll"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<tt></tt><p>\n\n</p><div>\n\n<div><div><div>Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.</div></div></div>\n\n</div><p></p><p>This issue affects Cyberduck through 9.1.6 and Mountain Duck through&nbsp;4.17.5.</p>"}], "value": "Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.\n\n\n\n\n\n\n\n\n\n\n\nThis issue affects Cyberduck through 9.1.6 and Mountain Duck through\u00a04.17.5."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "shortName": "sba-research", "dateUpdated": "2025-06-25T09:28:38.711Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling"}, {"tags": ["vendor-advisory"], "url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655"}], "source": {"discovery": "UNKNOWN"}, "title": "Cyberduck and Mountain Duck - Improper Certificate Store Handling", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"references": [{"url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655", "tags": ["exploit"]}, {"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-25T13:33:24.899723Z", "id": "CVE-2025-41255", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T13:33:27.985Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41255", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-25T13:33:24.899723Z"}}}], "references": [{"url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655", "tags": ["exploit"]}, {"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T13:33:19.194Z"}}], "cna": {"title": "Cyberduck and Mountain Duck - Improper Certificate Store Handling", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Thomas Kostal"}, {"lang": "en", "type": "finder", "value": "Andreas Boll"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/iterate-ch/cyberduck", "vendor": "iterate GmbH", "product": "Cyberduck", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "9.1.6"}], "defaultStatus": "unaffected"}, {"vendor": "iterate GmbH", "product": "Mountain Duck", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.17.5"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling", "tags": ["third-party-advisory"]}, {"url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.\n\n\n\n\n\n\n\n\n\n\n\nThis issue affects Cyberduck through 9.1.6 and Mountain Duck through\u00a04.17.5.", "supportingMedia": [{"type": "text/html", "value": "<tt></tt><p>\n\n</p><div>\n\n<div><div><div>Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.</div></div></div>\n\n</div><p></p><p>This issue affects Cyberduck through 9.1.6 and Mountain Duck through&nbsp;4.17.5.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "shortName": "sba-research", "dateUpdated": "2025-06-25T09:28:38.711Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41255", "state": "PUBLISHED", "dateUpdated": "2025-06-25T13:33:27.985Z", "dateReserved": "2025-04-16T09:37:50.630Z", "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "datePublished": "2025-06-25T09:21:37.479Z", "assignerShortName": "sba-research"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.\n\n\n\n\n\n\n\n\n\n\n\nThis issue affects Cyberduck through 9.1.6 and Mountain Duck through\u00a04.17.5."}, {"lang": "es", "value": "Cyberduck y Mountain Duck gestionan incorrectamente la fijaci\u00f3n de certificados TLS para certificados no confiables (p. ej., autofirmados), instal\u00e1ndolos innecesariamente en el almac\u00e9n de certificados de Windows del usuario actual sin ninguna restricci\u00f3n. Este problema afecta a Cyberduck hasta la versi\u00f3n 9.1.6 y a Mountain Duck hasta la versi\u00f3n 4.17.5."}], "id": "CVE-2025-41255", "lastModified": "2025-06-26T18:58:14.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.8, "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary"}]}, "published": "2025-06-25T10:15:21.783", "references": [{"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655"}, {"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling"}], "sourceIdentifier": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary"}]}

{}