CVE-2025-6224

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-6224

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6224.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-6224

Aliases

Downstream

UBUNTU-CVE-2025-6224

Published

2025-07-01T11:15:21Z

Modified

2025-10-22T16:24:50.034481Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the network in plaintext, an attacker listening on that network could sniff the certificate and trivially extract the private key from it.

References

https://github.com/juju/utils/security/advisories/GHSA-h34r-jxqm-qgpr

Affected packages

Git / github.com/juju/utils

Affected ranges

Type: GIT
Repo: https://github.com/juju/utils
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2aaacb75571d6056e4d0597773bfe32c76ea6fef

Affected versions

Other

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.1.0

v3.1.1

v3.2.0

v3.2.1

v4.*

v4.0.1

v4.0.2

v4.0.3