CVE-2025-41255 is a high-severity vulnerability identified in iterate GmbH's Cyberduck (up to version 9.1.6) and Mountain Duck (up to version 4.17.5). The core issue stems from improper handling of TLS certificate pinning for untrusted certificates, such as self-signed certificates. Specifically, when these applications encounter untrusted certificates, they incorrectly install these certificates into the Windows Certificate Store of the current user without applying any restrictions or proper validation controls. This behavior constitutes an incorrect privilege assignment (CWE-266), as it grants elevated trust to potentially malicious certificates within the user's certificate store. The vulnerability is exploitable remotely (AV:N) but requires high attack complexity (AC:H) and user interaction (UI:R), with no privileges required (PR:N). The scope is changed (S:C), indicating that exploitation can affect resources beyond the vulnerable component. The impact on confidentiality and integrity is high (C:H/I:H), while availability is not affected (A:N). This means an attacker could leverage this flaw to perform man-in-the-middle (MITM) attacks by injecting malicious certificates trusted by the system, potentially intercepting or altering sensitive data transmitted via TLS connections established by Cyberduck or Mountain Duck. The vulnerability does not currently have known exploits in the wild, and no patches have been linked yet. The issue highlights a critical failure in secure certificate management, undermining the trust model of TLS connections within these widely used file transfer and mounting clients.

For European organizations, this vulnerability poses a significant risk, especially for entities relying on Cyberduck and Mountain Duck for secure file transfers and network drive mounting. The improper certificate pinning could allow attackers to intercept confidential communications, leading to data breaches involving sensitive corporate or personal data. This is particularly concerning for sectors with strict data protection regulations such as GDPR, including finance, healthcare, and government agencies. The high integrity impact means attackers could manipulate data in transit, potentially injecting malicious payloads or altering files without detection. Since the vulnerability affects the Windows Certificate Store of the current user, compromised endpoints could serve as entry points for broader network intrusions. The requirement for user interaction suggests phishing or social engineering could be vectors for exploitation, increasing risk in environments with less stringent user security awareness. The lack of patches currently means organizations must rely on mitigation strategies to reduce exposure. Given Cyberduck and Mountain Duck's popularity among IT professionals and enterprises in Europe, the threat could disrupt secure workflows and erode trust in encrypted communications.

1. Immediately audit and restrict the use of Cyberduck and Mountain Duck within the organization, especially on Windows endpoints. 2. Educate users about the risks of accepting untrusted or self-signed certificates and enforce policies to avoid manual acceptance of such certificates. 3. Implement endpoint protection solutions that monitor and alert on unauthorized modifications to the Windows Certificate Store, particularly additions of new certificates without administrative approval. 4. Use application whitelisting and privilege management to limit the ability of applications to alter certificate stores. 5. Employ network-level TLS inspection tools that can detect anomalous certificate chains or MITM attempts. 6. Where possible, replace Cyberduck and Mountain Duck with alternative clients that have verified secure certificate handling until patches are available. 7. Monitor threat intelligence feeds for updates on exploit development and vendor patches. 8. Enforce multi-factor authentication and strong access controls on systems that handle sensitive data to reduce the impact of potential interception. 9. Conduct regular security awareness training focusing on phishing and social engineering to mitigate the user interaction requirement for exploitation.