CNNVD-202506-3149 Information
CNNVD ID
CNNVD-202506-3149
Related CVE
- CNNVD Published: 2025-06-25
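Description (translated from Chinese)
iterate Cyberduck and iterate Mountain Duck are both open-source file transfer clients from iterate. iterate Cyberduck 9.1.6 and earlier and iterate Mountain Duck 4.17.5 and earlier contain a security vulnerability that stems from improper handling of TLS certificate pinning and may lead to the installation of untrusted certificates.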
Description (English)
Iterate Cyberduck and Iterate Mountain Duck are both open-source file transfer clients. Iterate Cyberduck 9.1.6 and earlier and Iterate Mountain Duck 4.17.5 and earlier have a security vulnerability, which stems from improper handling of TLS certificate pinning and may lead to the installation of untrusted certificates.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
iterate
Published
2025-06-25
Last Modified
2026-02-24
References
https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling
https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655
https://nvd.nist.gov/vuln/detail/CVE-2025-41255
Patch
https://cyberduck.io/download/