CVE-2025-53512

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-53512

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53512.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-53512

Aliases

Downstream

openSUSE-SU-2025:15405-1

Related

openSUSE-SU-2025:15405-1

Published

2025-07-08T17:16:04.400Z

Modified

2026-04-10T05:30:50.823283Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

References

https://github.com/juju/juju/security/advisories/GHSA-r64v-82fh-xc63

Affected packages

Git / github.com/juju/juju

Affected ranges

Type

GIT

Repo

https://github.com/juju/juju

Events

Introduced

Fixed

003bf7bb76eb4f2ebc1d8402c397dcd47b4ad26a

Introduced

3dde4b429f270e3da7df3abb9d3e8509c174b32b

Fixed

9c21a01221528c4ad6245581d83fdfd52a07de2f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.9.52"
        },
        {
            "introduced": "3.0"
        },
        {
            "fixed": "3.6.8"
        }
    ]
}

Affected versions

Other

delete-ecs

juju-

juju-1.*

juju-1.19.3

juju-1.19.4

juju-1.21-alpha1

juju-1.21-alpha2

juju-1.21-alpha3

juju-1.25-alpha1

juju-1.26-alpha1

juju-1.26-alpha2

juju-1.26-alpha3

juju-2.*

juju-2.0-alpha1

juju-2.0-alpha2

juju-2.0-beta1

juju-2.0-beta10

juju-2.0-beta11

juju-2.0-beta12

juju-2.0-beta13

juju-2.0-beta14

juju-2.0-beta15

juju-2.0-beta16

juju-2.0-beta17

juju-2.0-beta18

juju-2.0-beta2

juju-2.0-beta3

juju-2.0-beta4

juju-2.0-beta5

juju-2.0-beta6

juju-2.0-beta7

juju-2.0-beta8

juju-2.0-beta9

juju-2.0-rc1

juju-2.0-rc2

juju-2.0-rc3

juju-2.0.0

juju-2.1-beta1

juju-2.1-beta2

juju-2.2-alpha1

juju-2.2-beta1

juju-2.2-beta2

juju-2.2-beta3

juju-2.2-beta4

juju-2.2-rc1

juju-2.3-beta1

juju-2.3-beta2

juju-2.3-beta3

juju-2.3-rc1

juju-2.3-rc2

juju-2.4-beta1

juju-2.4-beta2

juju-2.4-beta3

juju-2.4-rc1

juju-2.5-beta1

juju-2.5-beta2

juju-2.5-beta3

juju-2.6-beta1

juju-2.6-beta2

juju-2.6-rc1

juju-2.7-beta1

juju-2.7-rc1

juju-2.8-beta1

juju-2.8-rc1

juju-2.9-beta1

juju-2.9-rc1

juju-2.9-rc10

juju-2.9-rc11

juju-2.9-rc12

juju-2.9-rc2

juju-2.9-rc3

juju-2.9-rc4

juju-2.9-rc5

juju-2.9-rc6

juju-2.9-rc7

juju-2.9-rc8

juju-2.9-rc9

juju-2.9.0

juju-2.9.1

juju-2.9.10

juju-2.9.11

juju-2.9.12

juju-2.9.13

juju-2.9.14

juju-2.9.15

juju-2.9.16

juju-2.9.17

juju-2.9.18

juju-2.9.19

juju-2.9.2

juju-2.9.20

juju-2.9.21

juju-2.9.22

juju-2.9.23

juju-2.9.24

juju-2.9.25

juju-2.9.26

juju-2.9.27

juju-2.9.28

juju-2.9.29

juju-2.9.3

juju-2.9.30

juju-2.9.31

juju-2.9.32

juju-2.9.33

juju-2.9.34

juju-2.9.35

juju-2.9.36

juju-2.9.37

juju-2.9.38

juju-2.9.39

juju-2.9.4

juju-2.9.40

juju-2.9.41

juju-2.9.42

juju-2.9.43

juju-2.9.44

juju-2.9.45

juju-2.9.46

juju-2.9.5

juju-2.9.6

juju-2.9.7

juju-2.9.8

juju-2.9.9

juju-3.*

juju-3.0-beta1

juju-3.0-beta2

juju-3.0-beta3

juju-3.0-beta4

juju-3.0-rc1

juju-3.1.6

juju-3.2-beta1

juju-3.2.3

juju-3.2.4

juju-3.3-beta1

juju-3.3.0

v2.*

v2.9.45

v2.9.46

v2.9.47

v2.9.48

v2.9.49

v3.*

v3.3-beta2

v3.3-rc1

v3.3-rc2

v3.3.0

v3.4-beta1

v3.4-rc1

v3.5-beta1

v3.6-beta1

v3.6-beta2

v3.6-rc1

v3.6-rc2

v3.6.1

v3.6.2

v3.6.3

v3.6.4

v3.6.5

v3.6.6

v3.6.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53512.json"