{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T10:39:42.522","vulnerabilities":[{"cve":{"id":"CVE-2025-41255","sourceIdentifier":"1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a","published":"2025-06-25T10:15:21.783","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.\n\n\n\n\n\n\n\n\n\n\n\nThis issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5."},{"lang":"es","value":"Cyberduck y Mountain Duck gestionan incorrectamente la fijación de certificados TLS para certificados no confiables (p. ej., autofirmados), instalándolos innecesariamente en el almacén de certificados de Windows del usuario actual sin ninguna restricción. Este problema afecta a Cyberduck hasta la versión 9.1.6 y a Mountain Duck hasta la versión 4.17.5."}],"metrics":{"cvssMetricV31":[{"source":"1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.8}]},"weaknesses":[{"source":"1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655","source":"1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a"},{"url":"https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling","source":"1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a"},{"url":"https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}