CVE-2025-0928 – Juju Unauthorized Agent Binary Upload Vulnerability

July 9, 2025

CVE ID : CVE-2025-0928

Published : July 8, 2025, 6:15 p.m. | 12 hours, 9 minutes ago

Description : In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48384 – Git Symlink Execution Vulnerability

Next Article CVE-2025-53513 – Juju Charm Zip Slip Unauthorized Upload Vulnerability

15 Proven Benefits of Outsourcing Node.js Development for Large Organizations

10 Reasons to Choose Full-Stack Techies for Your Next React.js Development Project

Anthropic proposes transparency framework for frontier AI development

Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

Microsoft sees its carbon emissions soar on a 168% glut in AI energy demand, “we recognize that we must also bring more carbon-free electricity onto the grids.”

You can get a Snapdragon X-powered laptop for under $500 right now — a low I didn’t think we’d see this Prime Day week

Sam Altman admits current computers were designed for an AI-free world — but OpenAI’s new type of computer will make the AI revolution “transcendentally good”

It doesn’t matter how many laptops I review or how great the deals are — this is the one I keep coming back to over and over again

Leading Experts in Meme Coin Development – Beleaf Technologies

Leading Experts in Meme Coin Development – Beleaf Technologies

Redefining Quality Engineering – Tricentis India Partner Event

Enhancing JSON Responses with Laravel Model Appends

Microsoft sees its carbon emissions soar on a 168% glut in AI energy demand, “we recognize that we must also bring more carbon-free electricity onto the grids.”

Microsoft sees its carbon emissions soar on a 168% glut in AI energy demand, “we recognize that we must also bring more carbon-free electricity onto the grids.”

You can get a Snapdragon X-powered laptop for under $500 right now — a low I didn’t think we’d see this Prime Day week

Sam Altman admits current computers were designed for an AI-free world — but OpenAI’s new type of computer will make the AI revolution “transcendentally good”

CVE-2025-0928 – Juju Unauthorized Agent Binary Upload Vulnerability

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

danielebarbaro/laravel-vat-eu-validator

CVE-2025-48374 – Zot Keycloak Client Secret Disclosure

CVE-2025-49254 – ThemBay Nika PHP Remote File Inclusion Vulnerability

CVE-2025-4713 – Campcodes Sales and Inventory System SQL Injection Vulnerability

Last Week in AI #310 – Google’s AI Mode, Veo 3, and much more, Claude 4

Android Security Update – Patch for Vulnerabilities that Allows Privilege Escalation

CVE-2025-6701 – Xuxueli xxl-sso Open Redirect Vulnerability

Updated production-ready Gemini models, reduced 1.5 Pro pricing, increased rate limits, and more

CVE-2025-0928 – Juju Unauthorized Agent Binary Upload Vulnerability

Related Posts