CVE-2025-53513

Name of the Vulnerable Software and Affected Versions: Juju (affected versions not specified)

Description: The issue concerns a lack of sufficient authorization checks in the "/charms" endpoint on a Juju controller, allowing any user with an account to upload a charm. This could be exploited by uploading a malicious charm that takes advantage of a Zip Slip vulnerability, potentially granting an attacker access to a machine running a unit through the affected charm.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.