Moderate severityNVD Advisory· Published Jul 1, 2025· Updated Jul 1, 2025
Key leakage in juju/utils certificates
CVE-2025-6224
Description
Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the network in plaintext, an attacker listening on that network could sniff the certificate and trivially extract the private key from it.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/juju/utils/v4/certGo | < 4.0.4 | 4.0.4 |
Affected products
3- ghsa-coords2 versionspkg:golang/github.com/juju/utils/v4/certpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
< 4.0.4+ 1 more
- (no CPE)range: < 4.0.4
- (no CPE)range: < 0.0.20250730T213748-1.1
- Canonical/Juju utilsv5Range: 4.0.1
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.