CVE-2025-41256 Cyberduck and Mountain Duck - Weak Hash Algorithm for Certificate Fingerprint

🗓️ 25 Jun 2025 09:16:58Reported by sba-researchType

Cyberduck and Mountain Duck use weak SHA-1 hash for certificate fingerprint, risking security.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-41256	25 Jun 202509:47	–	circl
CNNVD	iterate Cyberduck和iterate Mountain Duck 安全漏洞	25 Jun 202500:00	–	cnnvd
CVE	CVE-2025-41256	25 Jun 202509:16	–	cve
EUVD	EUVD-2025-19095	3 Oct 202520:07	–	euvd
NVD	CVE-2025-41256	25 Jun 202510:15	–	nvd
Positive Technologies	PT-2025-26818 · Unknown +1 · Mountain Duck +1	25 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-41256	27 Jun 202509:21	–	redhatcve
Vulnrichment	CVE-2025-41256 Cyberduck and Mountain Duck - Weak Hash Algorithm for Certificate Fingerprint	25 Jun 202509:16	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Cyberduck",
    "repo": "https://github.com/iterate-ch/cyberduck",
    "vendor": "iterate GmbH",
    "versions": [
      {
        "lessThanOrEqual": "9.1.6",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Mountain Duck",
    "vendor": "iterate GmbH",
    "versions": [
      {
        "lessThanOrEqual": "4.17.5",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-02_Cyberduck_Mountain_Duck_Weak_Hash
github	www.github.com/iterate-ch/cyberduck/security/advisories/GHSA-688c-vjrc-84rv

25 Jun 2025 09:16Current

CVSS 3.17.4

EPSS0.00069

CWE-328