Untriaged
CVE-2025-0928
8.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Arbitrary executable upload via authenticated endpoint
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user could upload arbitrary agent binaries to any model, or to the controller itself, without the controller checking that the user belonged to the target model or held any explicit permission on it. Any valid controller login was therefore enough to plant poisoned agent binaries that new or upgraded machines would fetch and run, potentially resulting in remote code execution on those machines.
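The authorization gap described above, as an added Go example that is not Juju's own code: an upload handler that only checks for a valid login (the pre-fix behaviour) beside one that also requires controller admin rights for controller uploads and write access on the specific target model for model uploads. The access levels, the `Authorizer` store and the sample users are all constructed here for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// UploadTarget is where an agent binary would be placed: a named model,
// or the controller itself when Model is empty.
type UploadTarget struct {
	Model string
}

// Access is a hypothetical per-model access level (not Juju's types).
type Access int

const (
	NoAccess Access = iota
	ReadAccess
	WriteAccess
	AdminAccess
)

var ErrUnauthenticated = errors.New("unauthenticated")
var ErrUnauthorized = errors.New("unauthorized")

// Authorizer is a constructed stand-in for a controller's permission store:
// model name -> user -> access level, plus a set of controller admins.
type Authorizer struct {
	modelAccess      map[string]map[string]Access
	controllerAdmins map[string]bool
}

// vulnerableAuthorize mirrors the behaviour the advisory describes:
// any authenticated user may upload to any model or to the controller.
func vulnerableAuthorize(a *Authorizer, user string, t UploadTarget) error {
	if user == "" {
		return ErrUnauthenticated
	}
	return nil // no membership or permission check at all
}

// fixedAuthorize requires controller admin for controller uploads and at
// least write access on the named model for model uploads. Controller
// admins are allowed everywhere; everyone else is bound to their models.
func fixedAuthorize(a *Authorizer, user string, t UploadTarget) error {
	if user == "" {
		return ErrUnauthenticated
	}
	if a.controllerAdmins[user] {
		return nil
	}
	if t.Model == "" {
		// Only controller admins may replace binaries on the controller.
		return ErrUnauthorized
	}
	if a.modelAccess[t.Model][user] >= WriteAccess {
		return nil
	}
	// Unknown model, non-member, or read-only member: reject.
	return ErrUnauthorized
}

// newDemoAuthorizer builds constructed sample data: alice can write to
// "prod" only, bob is a controller admin, mallory is a valid login with
// no model access at all.
func newDemoAuthorizer() *Authorizer {
	return &Authorizer{
		modelAccess: map[string]map[string]Access{
			"prod":    {"alice": WriteAccess},
			"staging": {"carol": ReadAccess},
		},
		controllerAdmins: map[string]bool{"bob": true},
	}
}

func main() {
	a := newDemoAuthorizer()
	cases := []struct {
		user string
		t    UploadTarget
	}{
		{"mallory", UploadTarget{Model: "staging"}},
		{"alice", UploadTarget{Model: "prod"}},
		{"alice", UploadTarget{}},
		{"bob", UploadTarget{}},
	}
	for _, c := range cases {
		fmt.Printf("user=%-8s model=%-8q vulnerable=%v fixed=%v\n",
			c.user, c.t.Model,
			vulnerableAuthorize(a, c.user, c.t), fixedAuthorize(a, c.user, c.t))
	}
}
```

The point of the comparison is that authentication alone says nothing about what a user may touch; the hardened check ties every upload to an explicit permission on its exact target, so a login that is valid but unrelated to a model cannot seed binaries into it.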
Affected products
juju
- <3.6.8
- <2.9.52
Package maintainers
- @RealityAnomaly Alex Zero <alex@arctarus.co.uk>
- @emilazy Emily <nixpkgs@emily.moe>
- @thoughtpolice Austin Seipp <aseipp@pobox.com>
- @0x4A6F Joachim Ernst <mail-maintainer@0x4A6F.dev>
- @bbigras Bruno Bigras <bigras.bruno@gmail.com>