CVE-2025-41255 – Cyberduck and Mountain Duck TLS Certificate Pinning Vulnerability

June 25, 2025

CVE ID : CVE-2025-41255

Published : June 25, 2025, 10:15 a.m. | 42 minutes ago

Description : Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.

This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-41256 – Cyberduck and Mountain Duck TLS Certificate Pinning Weakness

Next Article CVE-2024-51984 – Apache Device Passcode Authentication Service Password Disclosure Vulnerability

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2025-41255 – Cyberduck and Mountain Duck TLS Certificate Pinning Vulnerability

CVE-2025-43880 – GROWI Regular Expression Denial of Service (DoS)

CVE-2024-51977 – HP Printer Information Disclosure

Xbox is the only console that can play all mainline Final Fantasy games

Thanks to Xbox’s price hike, the Series S is now more expensive than the PS5

Deepfake ‘doctors’ take to TikTok to peddle bogus cures

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More

Meta’s upcoming $1,000 smart glasses sound like the Ray-Bans successor I’ve been waiting for

CVE-2025-48945 – Apache c-ares Use-After-Free DNS Channel Crash

What the State of Pentesting Report 2025 Reveals About Cybersecurity Readiness

CVE-2025-41255 – Cyberduck and Mountain Duck TLS Certificate Pinning Vulnerability

Related Posts