CVE-2025-53513

Description

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.

CVSS v3.1 Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-24 CWE-24

CWE-22 Path Traversal

Affected Products

Vendor	Product	Versions
canonical	juju	< 2.9.52
canonical	juju	3.0 — 3.6.8

References

Advisories & Patches

https://github.com/juju/juju/security/advisories/GHSA-24ch-w38v-xmh8 https://github.com/juju/juju/security/advisories/GHSA-24ch-w38v-xmh8

Exploits

https://github.com/juju/juju/security/advisories/GHSA-24ch-w38v-xmh8 https://github.com/juju/juju/security/advisories/GHSA-24ch-w38v-xmh8

Frequently Asked Questions

What is CVE-2025-53513? +

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm. It has a CVSS v3.1 base score of 8.8 (HIGH).

How severe is CVE-2025-53513? +

CVE-2025-53513 has a CVSS v3.1 score of 8.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2025-53513? +

CVE-2025-53513 affects products from canonical, specifically: juju. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-53513? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-59342

esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the …

CVE-2023-6699 9.1

The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, …

CVE-2025-61318 9.1

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. …

CVE-2024-23657 8.8

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing …

CVE-2025-54769 8.8

An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in …

CVE-2025-60344 8.6

A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used …