Summary
Any principal authenticated to a Juju controller as a user, machine or controller can modify the resources of any application in any model on that controller, not only in the model it belongs to.
This one is straightforward to follow directly in the code:
Step 1:
The authorisation check for the resource handler is defined here. To pass it, a caller need only be authenticated as a user, machine or controller. No permission on the controller is required, and no permission on the target model is checked either.
The handler is served under the path format /:modeluuid/applications/:application/resources/:resources (see here). It defines no authorizer, even though the handler struct supports one (see here).
One needs to know the following three bits of information to poison the resource cache on the controller:
- model uuid
- application name in the model
- resource name in the model
Since many deployments use the charm name as the application name, and the resource names for published charms are listed on Charmhub, this is a very low bar: in practice only the model UUID has to be discovered.
Step 2:
Once the basic authentication check of step 1 is passed, the caller has free rein over both the 'PUT' and 'GET' methods of the handler. This report focuses on 'PUT', as it is the more interesting of the two. The 'PUT' handler accepts whatever is uploaded, with a single check: the uploaded file must carry the same file extension as the one declared for the resource.
If the resource already exists in the controller's cache, it is overwritten with whatever the upload contains (see here and here).
That is all. The caller can poison the resource cache of any model on the controller.
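To make the two steps concrete, here is an added Go model of the flaw and of one possible fix. It is illustrative code written for this page, not Juju's handler, authorizer or patch: the `Principal`, `Store` and `PutResource` types and the `ModelA`/`ModelB` UUIDs are all constructed assumptions. `VulnerableAuthorize` reproduces the check described in step 1 (authenticated kind only, model ignored); `HardenedAuthorize` shows the shape of a check that also requires write permission on the model being changed; `PutResource` reproduces the step 2 behaviour of overwriting an existing cached resource whenever the file extension matches.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Kind mirrors the three authenticated entity kinds the advisory names,
// plus an unauthenticated kind for comparison.
type Kind int

const (
	KindUser Kind = iota
	KindMachine
	KindController
	KindAnonymous
)

// Principal is a hypothetical stand-in for an authenticated API caller
// (not a Juju type). ModelWrite lists the model UUIDs on which the caller
// holds write permission.
type Principal struct {
	Name       string
	Kind       Kind
	ModelWrite map[string]bool
}

// Resource is a cached charm resource: its name, the filename it was
// declared with (the extension check uses this) and the cached blob.
type Resource struct {
	Name     string
	Filename string
	Blob     []byte
}

// Store models the controller-wide resource cache: model UUID -> application -> resource name.
type Store map[string]map[string]map[string]*Resource

// Authorizer decides whether p may reach the resource handler for modelUUID.
type Authorizer func(p Principal, modelUUID string) error

// VulnerableAuthorize reproduces the check the advisory describes: any
// authenticated user, machine or controller passes, whatever model the
// request targets. The model UUID is never consulted.
func VulnerableAuthorize(p Principal, _ string) error {
	switch p.Kind {
	case KindUser, KindMachine, KindController:
		return nil
	}
	return errors.New("unauthenticated")
}

// HardenedAuthorize is an illustrative fix (not Juju's actual patch): the
// caller must be authenticated and must hold write permission on the model
// whose resource it is about to replace.
func HardenedAuthorize(p Principal, modelUUID string) error {
	if err := VulnerableAuthorize(p, modelUUID); err != nil {
		return err
	}
	if !p.ModelWrite[modelUUID] {
		return fmt.Errorf("%s has no write permission on model %s", p.Name, modelUUID)
	}
	return nil
}

// PutResource models the PUT handler: after auth, an upload replaces the
// cached blob of an existing resource as long as the uploaded filename has
// the same extension as the resource's declared filename.
func PutResource(s Store, auth Authorizer, p Principal, modelUUID, app, name, uploadName string, blob []byte) error {
	if err := auth(p, modelUUID); err != nil {
		return fmt.Errorf("authorization failed: %w", err)
	}
	res, ok := s[modelUUID][app][name] // nil inner maps read safely as "not found"
	if !ok {
		return fmt.Errorf("resource %s/%s/%s not found", modelUUID, app, name)
	}
	if !strings.EqualFold(filepath.Ext(uploadName), filepath.Ext(res.Filename)) {
		return fmt.Errorf("extension mismatch: got %q, want %q", filepath.Ext(uploadName), filepath.Ext(res.Filename))
	}
	res.Blob = append([]byte(nil), blob...) // overwrite the cache, as in step 2
	return nil
}

// Constructed model UUIDs and a constructed two-model cache for the demo.
const (
	ModelA = "11111111-aaaa-4aaa-8aaa-111111111111" // the attacker's own model
	ModelB = "22222222-bbbb-4bbb-8bbb-222222222222" // another team's model running "vault"
)

func NewDemoStore() Store {
	return Store{
		ModelA: {"worker": {"payload": &Resource{Name: "payload", Filename: "payload.tar", Blob: []byte("worker blob")}}},
		ModelB: {"vault": {"vault-image": &Resource{Name: "vault-image", Filename: "vault-image.tar", Blob: []byte("legit image")}}},
	}
}

func main() {
	attacker := Principal{Name: "machine-0", Kind: KindMachine, ModelWrite: map[string]bool{ModelA: true}}
	payload := []byte("trojaned image")
	for _, a := range []struct {
		name string
		auth Authorizer
	}{{"vulnerable", VulnerableAuthorize}, {"hardened", HardenedAuthorize}} {
		s := NewDemoStore()
		err := PutResource(s, a.auth, attacker, ModelB, "vault", "vault-image", "evil.tar", payload)
		fmt.Printf("%-10s err=%v cached=%q\n", a.name, err, s[ModelB]["vault"]["vault-image"].Blob)
	}
}
```

The machine agent from ModelA holds no permission on ModelB, yet under `VulnerableAuthorize` its upload replaces the cached `vault-image` blob because only the entity kind is examined. Under `HardenedAuthorize` the same request fails before the cache is touched, while an operator who does hold write permission on ModelB can still update the resource. The extension check is the only filter on the vulnerable path, so an attacker simply names the upload to match.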
PoC
A proof of concept was not written for this issue; it is obvious enough from reading the code that one was not deemed necessary.
A realistic way to use this: a compromised workload in Juju that holds machine credentials can modify the OCI resources of any other model on the controller. For example, if the controller hosts a Kubernetes deployment of Vault, the attacker could swap the container image in use for a trojanised version that yields root access to all of the Vault secrets.
Once the cache has been poisoned in this way, the attacker can leverage those secrets to move on to other systems.
Impact
Any charm deployment in which a modified resource can inject a security weakness into another workload is affected. The clearest case is OCI container resources, where replacing the image gives the attacker code execution in the victim workload; a file resource that carries security controls could also be abused, but the file case has to be assessed charm by charm.
The application does not correctly enforce access controls (incorrect authorization), so a principal can reach resources or operations beyond its granted permissions. Typical outcomes are unauthorized data access or execution of privileged operations.
CVE-2025-68153 has a CVSS base score of 6.5, rated High on this page (on the standard CVSS qualitative scale a 6.5 falls in the Medium band). The vector is network-reachable, requires low privileges and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure; whether it affects you depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.0.0-20260120044552-26ff93c903d5); upgrading removes the vulnerable code path.
Affected versions
github.com/juju/juju (go) versions < 0.0.0-20260120044552-26ff93c903d5.
Security releases
Fixed in 0.0.0-20260120044552-26ff93c903d5.
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2025-68153? CVE-2025-68153 is a high-severity incorrect authorization vulnerability in github.com/juju/juju (go), affecting versions < 0.0.0-20260120044552-26ff93c903d5. It is fixed in 0.0.0-20260120044552-26ff93c903d5. The application does not correctly enforce access controls, allowing a principal to access resources or operations beyond their granted permissions.
- How severe is CVE-2025-68153? CVE-2025-68153 has a CVSS base score of 6.5, rated High on this page (a 6.5 falls in the Medium band of the standard CVSS qualitative scale). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of github.com/juju/juju are affected by CVE-2025-68153? github.com/juju/juju (go) versions < 0.0.0-20260120044552-26ff93c903d5 are affected.
- Is there a fix for CVE-2025-68153? Yes. CVE-2025-68153 is fixed in 0.0.0-20260120044552-26ff93c903d5. Upgrade to this version or later.
- Is CVE-2025-68153 exploitable, and should I be worried? Whether CVE-2025-68153 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
- What actually determines whether CVE-2025-68153 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2025-68153? Upgrade github.com/juju/juju to 0.0.0-20260120044552-26ff93c903d5 or later.