πŸ” CVE Alert

CVE-2025-68152

UNKNOWN 0.0

Juju: Read All Controller Logs From Compromised Workload

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called β€˜charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju controller can read any log file for any entity in any model at any level. This issue has been patched in versions 2.9.56 and 3.6.19.

CWE CWE-863
Vendor juju
Product juju
Published Apr 3, 2026
Last Updated Apr 3, 2026
Stay Ahead of the Next One

Get instant alerts for juju juju

Be the first to know when new unknown vulnerabilities affecting juju juju are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

juju / juju
>= 2.9, < 2.9.56 >= 3.6, < 3.6.19

References

NVD β†— CVE.org β†— EPSS Data β†—
github.com: https://github.com/juju/juju/security/advisories/GHSA-j6f6-jp3p-53mw github.com: https://github.com/juju/juju/commit/22cdcf6b54c2f371822e1c203d4f341be6c9589e github.com: https://github.com/juju/juju/commit/c91a1f4046956874ba77c8b398aecee3d61a2dc3