What is CVE-2025-0928?

CVE-2025-0928 is a high-severity vulnerability in Canonical Juju, classified under Improper Authorization. CVSS score: 8.8/10. Published 2025-07-08.

How severe is CVE-2025-0928?

High severity. CVSS v3 base score is 8.8 out of 10.

Auth bypass in Canonical Juju

CVE-2025-0928

In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. Th…

EPSS: 0.023 (85.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Canonical Juju — versions 2.0.0, 3.0.0

Weakness classification (CWE)

CWE-285 — Improper Authorization

References

github.com/juju/juju/security/advisories/GHSA-4vc8-wvhw-m5gv

Frequently asked questions

What is CVE-2025-0928?: CVE-2025-0928 is a high-severity vulnerability in Canonical Juju, classified under Improper Authorization. CVSS score: 8.8/10. Published 2025-07-08.
How severe is CVE-2025-0928?: High severity. CVSS v3 base score is 8.8 out of 10.