CVE-2025-53512

CWE-200 — Information Exposure CWE-2855 documents4 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 76.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Juju Github.com Juju/juju

Timeline

PublishedJul 8

Latest updateJul 28

Description

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5canonical/juju2.0.0 — 2.9.52+1

▶NVDcanonical/juju3.0 — 3.6.8+1

▶Gogithub.com/juju/juju< 0.0.0-20250619024904-402ff008dcc2

🔴Vulnerability Details

OSV

Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization in github.com/juju/juju↗2025-07-28

▶

GHSA

Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization↗2025-07-09

▶

OSV

Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization↗2025-07-09

▶

CVEList

Sensitive log retrieval in Juju↗2025-07-08

▶