CVE-2025-53513
Published 2025-07-08
Priority: P3 (42)
CVSS 3.1: 6.5 (medium), vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.65% (46.4th percentile)
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | juju | < 2.9.52 | 2.9.52 |
| canonical | juju | >= 2.0.0 < 2.9.52 | 2.9.52 |
| canonical | juju | >= 3.0 < 3.6.8 | 3.6.8 |
| canonical | juju | >= 3.0.0 < 3.6.8 | 3.6.8 |
| github.com | juju_juju | >= 0 < 0.0.0-20250619215741-6356e984b82a | 0.0.0-20250619215741-6356e984b82a |
OSV · 2025-07-28: CVE-2025-53513 Juju zip slip vulnerability via authenticated endpoint in github.com/juju/juju
OSV · 2025-07-09: CVE-2025-53513 [HIGH] Juju zip slip vulnerability via authenticated endpoint
### Impact
Any user with a Juju account on a controller can upload a charm to the /charms endpoint.
No specific permissions are required - it's just sufficient for the user to exist in the controller user database.
A charm which exploits the zip slip vulnerability may be used to allow such a user to get access to a machine running a unit using the affected charm.
### Details
A controller exposes three charm-related HTTP API endpoints, as follows:
- PUT/GET https://<controller>:17070/model-<model-uuid>/charms/<charm-name>-<charm-revision>
- POST/GET https://<controller>:17070/model-<model-uuid>/charms
- GET https://<controller>:17070/charms
These endpoints require Basic HTTP authentication credentials and will accept any valid user within the context of the controller. A user that has no specific permission or access
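The second half of this advisory is the Zip Slip (CWE-22) handling of the uploaded charm archive. The following Go is an added example, not Juju's own code: it validates every entry name of a charm zip against the intended extraction directory before anything is written to disk, and builds a constructed sample archive with one benign and one traversal entry. The destination path, file names and contents are made up for the demonstration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"path/filepath"
	"strings"
)

// safeJoin joins name onto dest; ok is false when the result escapes dest (zip slip, CWE-22).
func safeJoin(dest, name string) (string, bool) {
	cleanDest := filepath.Clean(dest)
	target := filepath.Join(cleanDest, name) // Join also collapses "../" segments
	if filepath.IsAbs(name) || (target != cleanDest &&
		!strings.HasPrefix(target, cleanDest+string(filepath.Separator))) {
		return "", false
	}
	return target, true
}

// checkArchive reports the entry names of an in-memory zip that would escape dest.
func checkArchive(data []byte, dest string) ([]string, error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil && !errors.Is(err, zip.ErrInsecurePath) { // Go 1.20+ may flag names itself
		return nil, err
	}
	var bad []string
	for _, f := range r.File {
		if _, ok := safeJoin(dest, f.Name); !ok {
			bad = append(bad, f.Name)
		}
	}
	return bad, nil
}

// buildSampleCharm makes a zip (charms are zips) with one benign and one traversal entry (constructed sample).
func buildSampleCharm() []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for name, body := range map[string]string{
		"metadata.yaml":               "name: demo\n",
		"../../../../tmp/escaped.txt": "would land outside the charm directory\n",
	} {
		fw, _ := w.Create(name)
		fw.Write([]byte(body))
	}
	w.Close()
	return buf.Bytes()
}
```

Go 1.20 and later can reject such names in `zip.NewReader` only when `GODEBUG=zipinsecurepath=0` is set, so the explicit check above does not rely on it; running the check over the whole archive before extraction means a single bad entry rejects the upload rather than leaving a partially written charm directory.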
GHSA · 2025-07-09: CVE-2025-53513 [HIGH] CWE-22 Juju zip slip vulnerability via authenticated endpoint
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.