CNNVD-202506-3147 Information
CNNVD ID
CNNVD-202506-3147
Related CVE
- CNNVD Published: 2025-06-25
Description (Chinese)
iterate Cyberduck和iterate Mountain Duck都是iterate开源的一款文件传输客户端。 iterate Cyberduck 9.1.6及之前版本和iterate Mountain Duck 4.17.5及之前版本存在安全漏洞,该漏洞源于使用SHA-1存储证书指纹,可能导致安全风险。
Description (English)
Iterate Cyberduck and iterate Mountain Duck are both an open-source file transfer client. Iterate Cyberduck 9.1.6 and previous versions and earlier versions of Iterate Mountain Duck 4.17.5 have security loopholes, which stem from the use of SHA-1 to store fingerprints of certificates, which may lead to security risks.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
iterate
Published
2025-06-25
Last Modified
2026-02-24
References
https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-688c-vjrc-84rv https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-02_Cyberduck_Mountain_Duck_Weak_Hash https://nvd.nist.gov/vuln/detail/CVE-2025-41256
Patch
https://cyberduck.io/download/
Share on: