CVE-2025-68153 — Juju is an open source application orchestration engine that enables any…
🚨 CVE-2025-68153 Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller un
fix: only allow users with write permission to upload resources · juju/juju@26ff93c
github.com
What This Means For You
- New vulnerability disclosed — verify if your stack is exposed.
- New tool or resource available — evaluate for your security workflow.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-68153 | Privilege Escalation | Juju versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19. Authenticated users can modify application resources within the entire controller. |
| CVE-2025-68153 | Misconfiguration | Juju versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19. Allows authenticated users to modify application resources across the entire Juju controller. |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | Telegram |
| Channel | CVE Notify |
| Channel ID | 1129491012 |
| Message ID | 158285 |
| Published | April 07, 2026 at 16:27 UTC |
| Original Link | https://github.com/juju/juju/commit/26ff93c903d55b0712c6f... |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.