CVE-2025-53513
published 2025-07-08

Priority: P3 42
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.65% (46.4th percentile)

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.

Affected

5 ranges
Vendor      Product    Version range                                Fixed in
canonical   juju       < 2.9.52                                     2.9.52
canonical   juju       >= 2.0.0 < 2.9.52                            2.9.52
canonical   juju       >= 3.0 < 3.6.8                               3.6.8
canonical   juju       >= 3.0.0 < 3.6.8                             3.6.8
github.com  juju_juju  >= 0 < 0.0.0-20250619215741-6356e984b82a     0.0.0-20250619215741-6356e984b82a