CVE-2025-6224

MEDIUM

juju/utils - Info Disclosure

Description

Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the network in plaintext, an attacker listening on that network could sniff the certificate and trivially extract the private key from it.

Scores

CVSS v3 6.5
EPSS 0.0009
EPSS Percentile 25.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-312
Status published
Products (2)
canonical/juju/utils 4.0.0 - 4.0.4
juju/utils 0 - 4.0.4 (Go)
Published Jul 01, 2025
Tracked Since Feb 18, 2026