Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2025-53512

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

Published: Jul 9, 2025
Updated: Nov 24, 2025
CVE: CVE-2025-53512
GHSA: GHSA-r64v-82fh-xc63
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-200
CWE-285

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
github.com/juju/juju	-	0.0.0-20250619024904-402ff008dcc2
canonical / juju	-	2.9.52
canonical / juju	3.0.0	3.6.8

https://github.com/juju/juju/commit/402ff008dcc2cb57f4441968628637efb5c2a662
https://github.com/juju/juju/commit/c91a1f4046956874ba77c8b398aecee3d61a2dc3
https://github.com/juju/juju/security/advisories/GHSA-r64v-82fh-xc63

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo