Auth bypass in Juju

CVE-2025-68152

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is…

Vulnerability class: Broken Access Control

EPSS: 0.000 (2.4th percentile)

Affected products

  • Juju — versions >= 2.9, < 2.9.56 and >= 3.6, < 3.6.19

Weakness classification (CWE)
