CVE Vulnerabilities

CVE-2025-41255

Incorrect Privilege Assignment

Published: Jun 25, 2025 | Modified: Jun 26, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.

This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.

Weakness

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Potential Mitigations

References