Security Advisory

CVE-2025-41255

Published 2025-06-25 09:21:37
Last updated 2025-06-25 13:33:27
Assigner sba-research
State PUBLISHED

Description

Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed): the certificate is unnecessarily installed into the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.