CVE-2025-41255 - Vulnerability Details - OpenCVE

Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.

This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00023.

Exploitation poc

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655
https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling

History

Wed, 25 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 25 Jun 2025 09:45:00 +0000

Type	Values Removed	Values Added
Description		Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.
Title		Cyberduck and Mountain Duck - Improper Certificate Store Handling
Weaknesses		CWE-266
References		https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655 https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling
Metrics		cvssV3_1 `{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: sba-research

Published: 2025-06-25T09:21:37.479Z

Updated: 2025-06-25T13:33:27.985Z

Reserved: 2025-04-16T09:37:50.630Z

Link: CVE-2025-41255

Vulnrichment

Updated: 2025-06-25T13:33:19.194Z

NVD

Status : Awaiting Analysis

Published: 2025-06-25T10:15:21.783

Modified: 2025-06-26T18:58:14.280

Link: CVE-2025-41255

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41255", "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "state": "PUBLISHED", "assignerShortName": "sba-research", "dateReserved": "2025-04-16T09:37:50.630Z", "datePublished": "2025-06-25T09:21:37.479Z", "dateUpdated": "2025-06-25T13:33:27.985Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Cyberduck", "repo": "https://github.com/iterate-ch/cyberduck", "vendor": "iterate GmbH", "versions": [{"lessThanOrEqual": "9.1.6", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Mountain Duck", "vendor": "iterate GmbH", "versions": [{"lessThanOrEqual": "4.17.5", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Thomas Kostal"}, {"lang": "en", "type": "finder", "value": "Andreas Boll"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<tt></tt><p>\n\n</p><div>\n\n<div><div><div>Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.</div></div></div>\n\n</div><p></p><p>This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.</p>"}], "value": "Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.\n\n\n\n\n\n\n\n\n\n\n\nThis issue affects Cyberduck through 9.1.6 and Mountain Duck through\u00a04.17.5."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "shortName": "sba-research", "dateUpdated": "2025-06-25T09:28:38.711Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling"}, {"tags": ["vendor-advisory"], "url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655"}], "source": {"discovery": "UNKNOWN"}, "title": "Cyberduck and Mountain Duck - Improper Certificate Store Handling", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"references": [{"url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655", "tags": ["exploit"]}, {"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-25T13:33:24.899723Z", "id": "CVE-2025-41255", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T13:33:27.985Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41255", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-25T13:33:24.899723Z"}}}], "references": [{"url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655", "tags": ["exploit"]}, {"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T13:33:19.194Z"}}], "cna": {"title": "Cyberduck and Mountain Duck - Improper Certificate Store Handling", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Thomas Kostal"}, {"lang": "en", "type": "finder", "value": "Andreas Boll"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/iterate-ch/cyberduck", "vendor": "iterate GmbH", "product": "Cyberduck", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "9.1.6"}], "defaultStatus": "unaffected"}, {"vendor": "iterate GmbH", "product": "Mountain Duck", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.17.5"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling", "tags": ["third-party-advisory"]}, {"url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.\n\n\n\n\n\n\n\n\n\n\n\nThis issue affects Cyberduck through 9.1.6 and Mountain Duck through\u00a04.17.5.", "supportingMedia": [{"type": "text/html", "value": "<tt></tt><p>\n\n</p><div>\n\n<div><div><div>Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.</div></div></div>\n\n</div><p></p><p>This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "shortName": "sba-research", "dateUpdated": "2025-06-25T09:28:38.711Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41255", "state": "PUBLISHED", "dateUpdated": "2025-06-25T13:33:27.985Z", "dateReserved": "2025-04-16T09:37:50.630Z", "assignerOrgId": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "datePublished": "2025-06-25T09:21:37.479Z", "assignerShortName": "sba-research"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.\n\n\n\n\n\n\n\n\n\n\n\nThis issue affects Cyberduck through 9.1.6 and Mountain Duck through\u00a04.17.5."}, {"lang": "es", "value": "Cyberduck y Mountain Duck gestionan incorrectamente la fijaci\u00f3n de certificados TLS para certificados no confiables (p. ej., autofirmados), instal\u00e1ndolos innecesariamente en el almac\u00e9n de certificados de Windows del usuario actual sin ninguna restricci\u00f3n. Este problema afecta a Cyberduck hasta la versi\u00f3n 9.1.6 y a Mountain Duck hasta la versi\u00f3n 4.17.5."}], "id": "CVE-2025-41255", "lastModified": "2025-06-26T18:58:14.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.8, "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary"}]}, "published": "2025-06-25T10:15:21.783", "references": [{"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655"}, {"source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling"}], "sourceIdentifier": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary"}]}