CVE-2025-41255

Published
View on NVD ↗
CVSS v3
8
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.

sbaresearch/advisories
sbaresearch/advisories
Security advisories by SBA Research.
GitHubGitHub
27
iterate-ch/cyberduck
iterate-ch/cyberduck
Cyberduck is a libre FTP, SFTP, WebDAV, Amazon S3, Backblaze B2, Microsoft Azure & OneDrive and OpenStack Swift file transfer client for Mac and Windows.
GitHubGitHub
4.54K