VYPR
High severity7.4OSV Advisory· Published Jun 25, 2025· Updated Apr 15, 2026

CVE-2025-41256

CVE-2025-41256

Description

Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak.

This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Iterate Ch/CyberduckOSV2 versions
    $TAG_NAME, release-3-3, release-3-3-1, …+ 1 more
    • (no CPE)range: $TAG_NAME, release-3-3, release-3-3-1, …
    • (no CPE)range: <=9.1.6
  • Range: <=4.17.5

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.