CVE-2025-53513 in Juju

Summary

by MITRE • 07/08/2025

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.


Analysis

by VulDB Data Team • 01/08/2026

CVE-2025-53513 is an authorization flaw in the /charms endpoint of the Juju controller. The endpoint did not check whether the caller was permitted to upload charms, so any user holding an account on the controller, not only administrators or model owners, could push a charm through the normal upload path. A controller is the central management point for the infrastructure it orchestrates, so a missing check here lets a low-privileged account introduce attacker-controlled code into the deployment pipeline through a legitimate interface, contrary to the principle of least privilege.

The second half of the chain is a Zip Slip weakness in how the charm archive is handled on the target machine. A charm is a zip archive; if the extraction routine joins each entry name onto the destination directory and trusts the result, an entry whose name carries leading ../ components escapes the extraction directory and is written wherever those components lead. The primitive is therefore an arbitrary file write on the machine running the unit, and code execution follows from what is overwritten (a script or binary that is later executed, for instance). The weakness class is CWE-22, improper limitation of a pathname to a restricted directory, commonly called path traversal.

The attack chain is: authenticate to the controller with any account, upload the crafted charm, have it extracted on a unit machine, and land files where they lead to execution. The advisory describes the outcome as access to the machine running a unit of the affected charm; from there the usual post-exploitation steps (persistence, privilege escalation, exfiltration) are available. Exposure is greatest where one controller serves several teams or tenants, because the only privilege required is an account on that controller and a malicious charm from one tenant can reach machines that belong to another, and where the controller manages critical infrastructure components.

Mitigation for CVE-2025-53513 starts with applying the Canonical fix to the controller so that the /charms endpoint enforces authorization; until then, accounts on affected controllers should be restricted to users who genuinely need them and their list audited. Defense in depth against the Zip Slip half of the chain is generic: validate every archive entry path against the destination directory before writing anything, refuse symlink entries, and reject the whole archive on the first bad entry rather than extracting partially. Charm signature verification, where available, and network segmentation between controller and unit machines limit how far a malicious upload can travel. Operators should log charm uploads with the uploading user and review them for unexpected accounts, and monitor unit machines for file creation outside the expected charm directories and for unexpected shell or interpreter execution, which maps to ATT&CK T1059 (Command and Scripting Interpreter).
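The following Go program is an added example, not Juju source or Canonical's fix; it illustrates the Zip Slip mechanism described in the analysis above and the entry-path check recommended in the mitigation paragraph. NaiveJoin is the vulnerable pattern, SafeJoin the hardened one, and ExtractChecked refuses an archive as a whole if any entry fails the check or is a symlink. The archive entries (a hooks/install script and a ../../etc/cron.d/backdoor traversal) are constructed in memory for the demonstration and are not taken from any real charm.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrZipSlip is returned for an entry that would escape the destination
// directory or is a symlink (a symlink could redirect a later write).
var ErrZipSlip = errors.New("zip slip: archive entry rejected")

// Entry is one file in a constructed sample archive.
type Entry struct{ Name, Body string }

// NaiveJoin is the vulnerable pattern: the entry name from the archive is
// joined onto dest and trusted. filepath.Join cleans the result, so a name
// such as "../../etc/cron.d/x" resolves to a path outside dest.
func NaiveJoin(dest, name string) string { return filepath.Join(dest, name) }

// SafeJoin is the hardened form: it resolves the entry name against dest and
// rejects anything that does not stay at or below dest after cleaning.
func SafeJoin(dest, name string) (string, error) {
	// Backslashes and absolute names are never legitimate in a zip entry.
	if strings.Contains(name, `\`) || filepath.IsAbs(name) || strings.HasPrefix(name, "/") {
		return "", ErrZipSlip
	}
	destAbs, err := filepath.Abs(dest)
	if err != nil {
		return "", err
	}
	target := filepath.Join(destAbs, name) // Join cleans, so ".." is resolved here
	if target != destAbs && !strings.HasPrefix(target, destAbs+string(os.PathSeparator)) {
		return "", ErrZipSlip
	}
	return target, nil
}

// BuildArchive writes an in-memory zip from entries, in order (sample input only).
func BuildArchive(entries []Entry) ([]byte, error) {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, e := range entries {
		w, err := zw.Create(e.Name)
		if err != nil {
			return nil, err
		}
		if _, err := io.WriteString(w, e.Body); err != nil {
			return nil, err
		}
	}
	if err := zw.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// ExtractChecked validates every entry before writing anything, so one hostile
// entry refuses the whole archive instead of leaving a partial extraction.
// Directory entries are created; symlink entries are refused. Returns paths written.
func ExtractChecked(archive []byte, dest string) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	if err != nil {
		return nil, err
	}
	targets := make([]string, len(zr.File))
	for i, f := range zr.File {
		if f.Mode()&os.ModeSymlink != 0 {
			return nil, fmt.Errorf("%w: symlink %q", ErrZipSlip, f.Name)
		}
		if targets[i], err = SafeJoin(dest, f.Name); err != nil {
			return nil, fmt.Errorf("%w: %q", err, f.Name)
		}
	}
	var written []string
	for i, f := range zr.File {
		if strings.HasSuffix(f.Name, "/") {
			if err := os.MkdirAll(targets[i], 0o755); err != nil {
				return written, err
			}
			continue
		}
		if err := os.MkdirAll(filepath.Dir(targets[i]), 0o755); err != nil {
			return written, err
		}
		rc, err := f.Open()
		if err != nil {
			return written, err
		}
		out, err := os.OpenFile(targets[i], os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
		if err != nil {
			rc.Close()
			return written, err
		}
		_, copyErr := io.Copy(out, rc)
		rc.Close()
		out.Close()
		if copyErr != nil {
			return written, copyErr
		}
		written = append(written, targets[i])
	}
	return written, nil
}

func main() {
	dest, _ := os.MkdirTemp("", "unit-")
	defer os.RemoveAll(dest)
	hostile := "../../etc/cron.d/backdoor" // constructed traversal entry name
	fmt.Println("naive join would write to:", NaiveJoin(dest, hostile))
	_, err := SafeJoin(dest, hostile)
	fmt.Println("safe join verdict:", err)
	bad, _ := BuildArchive([]Entry{{"hooks/install", "#!/bin/sh\n"}, {hostile, "* * * * * root /bin/sh\n"}})
	_, err = ExtractChecked(bad, dest)
	fmt.Println("extract verdict:", err)
}
```

The two-pass design in ExtractChecked matters operationally: validating before writing means a charm that mixes benign hooks with one traversal entry leaves nothing on disk, which is both safer and easier to detect than an extraction that stops halfway. The symlink refusal closes the related trick of a first entry that is a link to a directory outside dest followed by a second entry that writes through it.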

Responsible

Canonical

Reservation

07/02/2025

Disclosure

07/08/2025

Moderation

accepted

CPE

ready

EPSS

0.00512

KEV

no

Activities

very low
