
CVE-2025-41255

Date: June 25, 2025
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing the certificate to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.
Weakness Type (CWE)
Incorrect Privilege Assignment
CWE-266

Top Fix

Upgrade Version
Upgrade to version https://github.com/iterate-ch/cyberduck.git - release-9-1-7
CVSS v3.1

| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | CHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | NONE |