CVE-2025-41255

🗓️ 25 Jun 2025 09:21:37Reported by sba-researchType

Cyberduck and Mountain Duck improperly handle TLS certificate pinning, affecting versions 9.1.6 and 4.17.5

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-41255	25 Jun 202509:47	–	circl
CNNVD	iterate Cyberduck和iterate Mountain Duck 安全漏洞	25 Jun 202500:00	–	cnnvd
Cvelist	CVE-2025-41255 Cyberduck and Mountain Duck - Improper Certificate Store Handling	25 Jun 202509:21	–	cvelist
EUVD	EUVD-2025-19096	3 Oct 202520:07	–	euvd
NVD	CVE-2025-41255	25 Jun 202510:15	–	nvd
Positive Technologies	PT-2025-26819 · Unknown +1 · Mountain Duck +1	25 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-41255	27 Jun 202510:27	–	redhatcve
Vulnrichment	CVE-2025-41255 Cyberduck and Mountain Duck - Improper Certificate Store Handling	25 Jun 202509:21	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Cyberduck",
    "repo": "https://github.com/iterate-ch/cyberduck",
    "vendor": "iterate GmbH",
    "versions": [
      {
        "lessThanOrEqual": "9.1.6",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Mountain Duck",
    "vendor": "iterate GmbH",
    "versions": [
      {
        "lessThanOrEqual": "4.17.5",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655
github	www.github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling

15 Apr 2026 00:35Current

7.2High risk

Vulners AI Score7.2

CVSS 3.18

EPSS0.00106

SSVC

CWE-266