CVE-2025-6224

Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the network in plaintext, an attacker listening on that network could sniff the certificate and trivially extract the private key from it.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/juju/utils/security/advisories/GHSA-h34r-jxqm-qgpr

Configurations

No configuration.

History

03 Jul 2025, 15:14

Type	Values Removed	Values Added
Summary		(es) La generación de certificados en juju/utils mediante la función cert.NewLeaf podría incluir información privada. Si este certificado se transfiriera por la red en texto plano, un atacante que escuchara en esa red podría rastrearlo y extraer fácilmente su clave privada.

01 Jul 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-01 11:15

Updated : 2025-07-03 15:14

NVD link : CVE-2025-6224

Mitre link : CVE-2025-6224

CVE.ORG link : CVE-2025-6224

JSON object : View

Products Affected

No product.

CWE

CWE-312

Cleartext Storage of Sensitive Information

6.5 /10