Medium severity 6.5 · NVD Advisory · Published Apr 3, 2026 · Updated Apr 21, 2026
CVE-2025-68153
Description
Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju controller can modify the resources of an application within the entire controller. This issue has been patched in versions 2.9.56 and 3.6.19.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/juju/juju (Go) | < 0.0.0-20260120044552-26ff93c903d5 | 0.0.0-20260120044552-26ff93c903d5 |
References
- github.com/juju/juju/commit/26ff93c903d55b0712c6fb3f6b254710edb971d4 (nvd: Patch, WEB)
- github.com/advisories/GHSA-245v-p8fj-vwm2 (ghsa: ADVISORY)
- github.com/juju/juju/security/advisories/GHSA-245v-p8fj-vwm2 (nvd: Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2025-68153 (ghsa: ADVISORY)