High severity7.4OSV Advisory· Published Jun 25, 2025· Updated Apr 15, 2026
CVE-2025-41256
CVE-2025-41256
Description
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak.
This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3$TAG_NAME, release-3-3, release-3-3-1, …+ 1 more
- (no CPE)range: $TAG_NAME, release-3-3, release-3-3-1, …
- (no CPE)range: <=9.1.6
- Range: <=4.17.5
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.