CVE-2025-41256 – Cyberduck and Mountain Duck TLS Certificate Pinning Weakness

June 25, 2025

CVE ID : CVE-2025-41256

Published : June 25, 2025, 10:15 a.m. | 42 minutes ago

Description : Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak.

This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5.

Severity: 7.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-41647 – Siemens PLC Designer Password Disclosure Vulnerability

Next Article CVE-2025-41255 – Cyberduck and Mountain Duck TLS Certificate Pinning Vulnerability

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-41256 – Cyberduck and Mountain Duck TLS Certificate Pinning Weakness

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

NVIDIA needs 300,000 more H20 AI chips from TSMC to meet China’s demand — but some security experts aren’t happy

CVE-2025-4043 – Apache Device Unprivileged File Write

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery

Meet Macrohard, Elon Musk’s AI simulation of Microsoft, focused solely on AI software development — “It’s a tongue-in-cheek name, but the project is very real!”

CVE-2025-46646 – Ghostscript UTF-8 Encoding Vulnerability

CVE-2025-43484 – Poly Clariti Manager Cross-Site Scripting (XSS)

CVE-2025-47641 – Printcart Web to Print Product Designer for WooCommerce Unrestricted File Upload Vulnerability

STALKER 2 gets a 2025 roadmap — this open-world shooter is getting even better with new missions, better performance, and more

CVE-2025-41256 – Cyberduck and Mountain Duck TLS Certificate Pinning Weakness

Related Posts