Juju up to 2.9.55/3.6.18 authorization

Summaryinfo

A vulnerability labeled as problematic has been found in Juju up to 2.9.55/3.6.18. This affects an unknown function. The manipulation results in authorization. This vulnerability is identified as CVE-2025-68152. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

Detailsinfo

A vulnerability classified as problematic has been found in Juju up to 2.9.55/3.6.18. Affected is an unknown part. The manipulation with an unknown input leads to a authorization vulnerability. CWE is classifying the issue as CWE-863. The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. This is going to have an impact on confidentiality. CVE summarizes:

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju controller can read any log file for any entity in any model at any level. This issue has been patched in versions 2.9.56 and 3.6.19.

The advisory is shared for download at github.com. This vulnerability is traded as CVE-2025-68152 since 12/15/2025. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation needs additional levels of successful authentication. There are neither technical details nor an exploit publicly available.

Upgrading to version 2.9.56 or 3.6.19 eliminates this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Name

• Juju

Version

• 2.9.0
• 2.9.1
• 2.9.2
• 2.9.3
• 2.9.4
• 2.9.5
• 2.9.6
• 2.9.7
• 2.9.8
• 2.9.9
• 2.9.10
• 2.9.11
• 2.9.12
• 2.9.13
• 2.9.14
• 2.9.15
• 2.9.16
• 2.9.17
• 2.9.18
• 2.9.19
• 2.9.20
• 2.9.21
• 2.9.22
• 2.9.23
• 2.9.24
• 2.9.25
• 2.9.26
• 2.9.27
• 2.9.28
• 2.9.29
• 2.9.30
• 2.9.31
• 2.9.32
• 2.9.33
• 2.9.34
• 2.9.35
• 2.9.36
• 2.9.37
• 2.9.38
• 2.9.39
• 2.9.40
• 2.9.41
• 2.9.42
• 2.9.43
• 2.9.44
• 2.9.45
• 2.9.46
• 2.9.47
• 2.9.48
• 2.9.49
• 2.9.50
• 2.9.51
• 2.9.52
• 2.9.53
• 2.9.54
• 2.9.55
• 3.6.0
• 3.6.1
• 3.6.2
• 3.6.3
• 3.6.4
• 3.6.5
• 3.6.6
• 3.6.7
• 3.6.8
• 3.6.9
• 3.6.10
• 3.6.11
• 3.6.12
• 3.6.13
• 3.6.14
• 3.6.15
• 3.6.16
• 3.6.17
• 3.6.18

Website

• Product: https://github.com/juju/juju/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion