CVE-2025-41255 – Cyberduck and Mountain Duck TLS Certificate Pinning Vulnerability

June 25, 2025

CVE ID : CVE-2025-41255

Published : June 25, 2025, 10:15 a.m. | 42 minutes ago

Description : Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.

This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-41256 – Cyberduck and Mountain Duck TLS Certificate Pinning Weakness

Next Article CVE-2024-51984 – Apache Device Passcode Authentication Service Password Disclosure Vulnerability

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-41255 – Cyberduck and Mountain Duck TLS Certificate Pinning Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely

Exploring the Future of React Native: Upcoming Features, and AI Integrations

Optics11 raises €17M to enhance power infrastructure resilience in Europe

60% of AI agents work in IT departments – here’s what they do every day

Ivanti Patches High-Severity Credential Decryption Flaws in Workspace Control

GenSeg: Generative AI Transforms Medical Image Segmentation in Ultra Low-Data Regimes

CVE-2025-44043 – Keyoti SearchUnit SSRF

Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

CVE-2025-41255 – Cyberduck and Mountain Duck TLS Certificate Pinning Vulnerability

Related Posts