We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-6224

Key leakage in juju/utils certificates



Description

Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the network in plaintext, an attacker listening on that network could sniff the certificate and trivially extract the private key from it.

Reserved 2025-06-18 | Published 2025-07-01 | Updated 2025-07-01 | Assigner canonical


MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Problem types

CWE-312 Cleartext Storage of Sensitive Information

Product status

Default status
unaffected

4.0.1
affected

Credits

Josh McSavaney reporter

References

github.com/.../utils/security/advisories/GHSA-h34r-jxqm-qgpr

cve.org (CVE-2025-6224)

nvd.nist.gov (CVE-2025-6224)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-6224

Support options

Helpdesk Chat, Email, Knowledgebase