- Description
- Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5.
- Source
- 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.4
- Impact score
- 5.2
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
- 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
- CWE-328
- Hype score
- Not currently trending
CVE-2025-41256 (CVSS:7.4, HIGH) is Awaiting Analysis. Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), sinc..https://t.co/tDUGXhxVs7 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
30 Jun 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-41256 Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered... https://t.co/DaIrdkg6Pd
@VulmonFeeds
25 Jun 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-41256 Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA… https://t.co/eWAHZUz9ZA
@CVEnew
25 Jun 2025
453 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes