{"id":"CVE-2025-53512","details":"The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.","aliases":["GHSA-r64v-82fh-xc63","GO-2025-3806"],"modified":"2026-04-10T05:30:50.823283Z","published":"2025-07-08T17:16:04.400Z","related":["openSUSE-SU-2025:15405-1"],"references":[{"type":"EVIDENCE","url":"https://github.com/juju/juju/security/advisories/GHSA-r64v-82fh-xc63"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/juju/juju","events":[{"introduced":"0"},{"fixed":"003bf7bb76eb4f2ebc1d8402c397dcd47b4ad26a"},{"introduced":"3dde4b429f270e3da7df3abb9d3e8509c174b32b"},{"fixed":"9c21a01221528c4ad6245581d83fdfd52a07de2f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.9.52"},{"introduced":"3.0"},{"fixed":"3.6.8"}]}}],"versions":["delete-ecs","juju-","juju-1.19.3","juju-1.19.4","juju-1.21-alpha1","juju-1.21-alpha2","juju-1.21-alpha3","juju-1.25-alpha1","juju-1.26-alpha1","juju-1.26-alpha2","juju-1.26-alpha3","juju-2.0-alpha1","juju-2.0-alpha2","juju-2.0-beta1","juju-2.0-beta10","juju-2.0-beta11","juju-2.0-beta12","juju-2.0-beta13","juju-2.0-beta14","juju-2.0-beta15","juju-2.0-beta16","juju-2.0-beta17","juju-2.0-beta18","juju-2.0-beta2","juju-2.0-beta3","juju-2.0-beta4","juju-2.0-beta5","juju-2.0-beta6","juju-2.0-beta7","juju-2.0-beta8","juju-2.0-beta9","juju-2.0-rc1","juju-2.0-rc2","juju-2.0-rc3","juju-2.0.0","juju-2.1-beta1","juju-2.1-beta2","juju-2.2-alpha1","juju-2.2-beta1","juju-2.2-beta2","juju-2.2-beta3","juju-2.2-beta4","juju-2.2-rc1","juju-2.3-beta1","juju-2.3-beta2","juju-2.3-beta3","juju-2.3-rc1","juju-2.3-rc2","juju-2.4-beta1","juju-2.4-beta2","juju-2.4-beta3","juju-2.4-rc1","juju-2.5-beta1","juju-2.5-beta2","juju-2.5-beta3","juju-2.6-beta1","juju-2.6-beta2","juju-2.6-rc1","juju-2.7-beta1","juju-2.7-rc1","juju-2.8-beta1","juju-2.8-rc1","juju-2.9-beta1","juju-2.9-rc1","juju-2.9-rc10","juju-2.9-rc11","juju-2.9-rc12","juju-2.9-rc2","juju-2.9-rc3","juju-2.9-rc4","juju-2.9-rc5","juju-2.9-rc6","juju-2.9-rc7","juju-2.9-rc8","juju-2.9-rc9","juju-2.9.0","juju-2.9.1","juju-2.9.10","juju-2.9.11","juju-2.9.12","juju-2.9.13","juju-2.9.14","juju-2.9.15","juju-2.9.16","juju-2.9.17","juju-2.9.18","juju-2.9.19","juju-2.9.2","juju-2.9.20","juju-2.9.21","juju-2.9.22","juju-2.9.23","juju-2.9.24","juju-2.9.25","juju-2.9.26","juju-2.9.27","juju-2.9.28","juju-2.9.29","juju-2.9.3","juju-2.9.30","juju-2.9.31","juju-2.9.32","juju-2.9.33","juju-2.9.34","juju-2.9.35","juju-2.9.36","juju-2.9.37","juju-2.9.38","juju-2.9.39","juju-2.9.4","juju-2.9.40","juju-2.9.41","juju-2.9.42","juju-2.9.43","juju-2.9.44","juju-2.9.45","juju-2.9.46","juju-2.9.5","juju-2.9.6","juju-2.9.7","juju-2.9.8","juju-2.9.9","juju-3.0-beta1","juju-3.0-beta2","juju-3.0-beta3","juju-3.0-beta4","juju-3.0-rc1","juju-3.1.6","juju-3.2-beta1","juju-3.2.3","juju-3.2.4","juju-3.3-beta1","juju-3.3.0","v2.9.45","v2.9.46","v2.9.47","v2.9.48","v2.9.49","v3.3-beta2","v3.3-rc1","v3.3-rc2","v3.3.0","v3.4-beta1","v3.4-rc1","v3.5-beta1","v3.6-beta1","v3.6-beta2","v3.6-rc1","v3.6-rc2","v3.6.1","v3.6.2","v3.6.3","v3.6.4","v3.6.5","v3.6.6","v3.6.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53512.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}