CVE-2025-41255 – Cyberduck and Mountain Duck TLS Certificate Pinning Vulnerability

June 25, 2025

CVE ID : CVE-2025-41255

Published : June 25, 2025, 10:15 a.m. | 42 minutes ago

Description : Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.

This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-41256 – Cyberduck and Mountain Duck TLS Certificate Pinning Weakness

Next Article CVE-2024-51984 – Apache Device Passcode Authentication Service Password Disclosure Vulnerability

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-41255 – Cyberduck and Mountain Duck TLS Certificate Pinning Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

CVE-2025-2504 – Apache HTTP Server Cross Site Scripting

Vibe Loop: AI-native reliability engineering for the real world

New method assesses and improves the reliability of radiologists’ diagnostic reports

CVE-2025-3987 – TOTOLINK N150RT Command Injection Vulnerability

NVIDIA’s RTX 5050 specs leaked: 2560 CUDA cores, GDDR6 memory, and Blackwell chip

CVE-2025-5881 – Code-projects Chat System SQL Injection Vulnerability

10-Year-Old Roundcube RCE Vulnerability Let Attackers Execute Malicious Code

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-41255 – Cyberduck and Mountain Duck TLS Certificate Pinning Vulnerability

Related Posts