CVE-2025-0928
Published: 08 July 2025
Summary
CVE-2025-0928 is a high-severity Improper Authorization (CWE-285) vulnerability in Canonical Juju. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-5 (Access Restrictions for Change).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Enforces approved authorizations for access to upload agent binaries to models and controllers, directly preventing unauthorized distribution caused by improper model membership and permission checks.
- CM-5 (Access Restrictions for Change): Restricts and manages access by authenticated users to perform changes such as binary uploads, mitigating the ability of low-privilege controller users to poison binaries across models.
- Requires verification of component authenticity for agent binaries prior to installation or execution on new or upgrading machines, blocking poisoned binaries from achieving remote code execution.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in an exposed Juju controller lets any authenticated user upload a malicious agent binary without an authorization check (CWE-434/CWE-285); the controller then distributes that binary to machines, where it executes, yielding remote code execution. This maps directly to T1190 (Exploit Public-Facing Application) for the initial exploitation and T1105 (Ingress Tool Transfer) for the delivery of the poisoned binary.
NVD Description
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution.
Deeper analysis
CVE-2025-0928 is a high-severity vulnerability in Juju, an open-source orchestration engine for cloud-native infrastructure, affecting versions prior to 3.6.8 and 2.9.52. It stems from improper authorization (CWE-285) and unrestricted upload of dangerous file types (CWE-434), allowing any authenticated controller user to upload arbitrary agent binaries to any model or the controller itself without model membership verification or explicit permissions. The issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating significant risk due to its network accessibility and low complexity.
An attacker with low-privilege authenticated access to the Juju controller can exploit this flaw to upload malicious agent binaries, which are then distributed to new or upgrading machines across models. This enables remote code execution on victim machines, as the poisoned binaries execute with the privileges of the deployed agents, potentially compromising entire models or the controller.
The official GitHub security advisory (GHSA-4vc8-wvhw-m5gv) recommends upgrading immediately to Juju 3.6.8 or 2.9.52, in which upload operations enforce model membership checks and explicit permission requirements, preventing unauthorized binary distribution.
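The missing check described above, as an added Go example that is not Juju's own code: a constructed authorization state with the flawed check (authentication is the only gate) beside a hardened one that requires controller superuser rights for controller uploads and write-level model membership for model uploads. The names Authz, VulnerableAuthorize, HardenedAuthorize and ControllerTarget are assumptions made for this illustration.

```go
package main

import "errors"
// Access levels a user can hold on a model (constructed for this example, not Juju's own types).
type Access int

const (
	NoAccess Access = iota
	ReadAccess
	WriteAccess
)

// ControllerTarget marks an upload aimed at the controller itself rather than a model.
const ControllerTarget = "controller"

// Authz is a constructed stand-in for the controller's authorization state.
type Authz struct {
	Superusers  map[string]bool              // users holding controller superuser rights
	ModelAccess map[string]map[string]Access // model UUID -> user -> access level
}

var ErrUnauthorized = errors.New("agent binary upload denied")

// VulnerableAuthorize reproduces the flaw described above: authentication is the
// only check, so any controller user may upload to any model or to the controller.
func VulnerableAuthorize(a *Authz, user, target string, authenticated bool) error {
	if !authenticated {
		return ErrUnauthorized
	}
	return nil
}

// HardenedAuthorize applies AC-3 style access enforcement: controller uploads need
// superuser rights; model uploads need membership with at least write access.
func HardenedAuthorize(a *Authz, user, target string, authenticated bool) error {
	if !authenticated {
		return ErrUnauthorized
	}
	if a.Superusers[user] {
		return nil
	}
	if target == ControllerTarget {
		return ErrUnauthorized // not a superuser, so no controller-level upload
	}
	perms, known := a.ModelAccess[target]
	if !known || perms[user] < WriteAccess {
		return ErrUnauthorized // unknown model, non-member, or read-only member
	}
	return nil
}
```

Auditing for this class of bug means checking that every upload path calls the hardened form of the check, not merely that the caller is logged in.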
Details
- CWE(s)