Certificate Generation Vulnerability in Juju Utils by Canonical
CVE-2025-6224

6.5MEDIUM

Key Information:

Vendor: Canonical
Status: Juju Utils
Vendor: CVE Published:; 1 July 2025

What is CVE-2025-6224?

A vulnerability exists in the certificate generation process in Juju Utils that could inadvertently include sensitive private information. If a certificate containing this information is transmitted over an unsecured network, it may be intercepted by an attacker. The attacker could then easily extract the private key, compromising the security of the application and its data. Users are advised to update to the latest version to mitigate this risk.

Affected Version(s)

Juju utils Linux 4.0.1 <= 4.0.3

References

https://github.com/juju/utils/security/advisories/GHSA-h3...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2025
Vulnerability Reserved
Jun 18, 2025

Credit

Josh McSavaney