QwikSec

Security Database

CVE

CWE

Training

CVE-2025-68152

Published: Apr 3, 2026

Modified: Apr 3, 2026

PUBLISHED

Description

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju controller can read any log file for any entity in any model at any level. This issue has been patched in versions 2.9.56 and 3.6.19.

Vendor	Product	Versions
juju	juju	affected `>= 2.9, < 2.9.56` affected `>= 3.6, < 3.6.19`

Weaknesses (CWE)

References

https://github.com/juju/juju/security/advisories/GHSA-j6f6-jp3p-53mw

x_refsource_CONFIRM

https://github.com/juju/juju/commit/22cdcf6b54c2f371822e1c203d4f341be6c9589e

x_refsource_MISC

https://github.com/juju/juju/commit/c91a1f4046956874ba77c8b398aecee3d61a2dc3

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.