Vulnerability Details CVE-2025-53513
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.7%
CVSS Severity
CVSS v3 Score 8.8
References