CVE Alert: CVE-2025-6224

July 3, 2025
image 1

Vulnerability Summary: CVE-2025-6224

Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the network in plaintext, an attacker listening on that network could sniff the certificate and trivially extract the private key from it.

Affected Endpoints:

No affected endpoints listed.

Published Date:

7/1/2025, 11:15:21 AM

⚠️ CVSS Score:

CVSS v3 Score: 6.5 (Medium)

Exploit Status:

Not Exploited

EPS Score: 0.00018 | Ranking EPS: 0.02909

References:

Recommended Action:

No proposed action available. Please refer to vendor documentation for updates.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , ,

You may have missed

hackerone

HackerOne Bug Bounty Disclosure: authorization-header-leak-via-location-trusted-in-curl-voggerloops

July 3, 2025
hackerone

HackerOne Bug Bounty Disclosure: subdomain-takeover-on-live-firefox-com-martinvw

July 3, 2025
hackerone

HackerOne Bug Bounty Disclosure: mozillavpn-elevation-of-privilege-via-a-logic-vulnerability-northsea

July 3, 2025
hackerone

HackerOne Bug Bounty Disclosure: elevation-of-privileges-eop-vulnerabilities-related-to-the-some-easy-options-on-windows-justlikebono-official

July 3, 2025
hackerone

HackerOne Bug Bounty Disclosure: mozillavpn-elevation-of-privilege-via-a-race-condition-vulnerability-northsea

July 3, 2025