CVE-2025-53512 — Vulnetix

CVE-2025-53512 PUBLISHED CVSS 6.5 MEDIUM

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

EPSS 0.24% · 47.8th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.24%

47.8th percentile

Affected Products

Vendor	Product	Versions
canonical	juju	3.0, 0
Canonical	Juju	2.0.0, 3.0.0
github.com	juju/juju	0

Exploit Intelligence

https://github.com/juju/juju/security/advisories/GHSA-r64v-82fh-xc63 (nist-nvd)

Timeline

Jul 8, 2025 CVE Published
Jul 9, 2025 EPSS Score
Jul 9, 2025 Coalition ESS Score
Jul 10, 2025 Coalition ESS Score
Jul 18, 2025 EPSS Score
Jul 28, 2025 EPSS Score
Aug 6, 2025 EPSS Score
Aug 16, 2025 EPSS Score
Aug 25, 2025 EPSS Score
Aug 26, 2025 Coalition ESS Score
Aug 26, 2025 Coalition ESS Score
Aug 27, 2025 Coalition ESS Score

References

https://github.com/juju/juju/security/advisories/GHSA-r64v-82fh-xc63 url
https://nvd.nist.gov/vuln/detail/CVE-2025-53512 advisory
https://github.com/juju/juju/commit/402ff008dcc2cb57f4441968628637efb5c2a662 url
https://github.com/juju/juju/commit/c91a1f4046956874ba77c8b398aecee3d61a2dc3 url
https://github.com/juju/juju package

Open in Interactive Console →