CVE-2025-68153

HIGH SEVERITY

Vulnerability Description

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju controller can modify the resources of an application within the entire controller. This issue has been patched in versions 2.9.56 and 3.6.19.

Vulnerability Details

Published Date

April 03, 2026

Last Modified

April 07, 2026

CWE ID

CWE-863

Source

NVD

Vendor

juju

Product

juju

External References

https://github.com/juju/juju/commit/26ff93c903d55b0712c6fb3f6b254710edb971d4
https://github.com/juju/juju/security/advisories/GHSA-245v-p8fj-vwm2

CVE-2025-68153

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment