Security Advisory

CVE-2025-41256

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-25 09:16:58

Last updated 2025-06-25 13:34:07

Assigner sba-research

State PUBLISHED

Description

Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5.

← Browse all CVEs View on cve.org ↗