CVE-2025-15224

Опубликовано: 08 янв. 2026

Источник: debian

Описание

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
curl	fixed	8.18.0-1		package

Примечания

https://curl.se/docs/CVE-2025-15224.html
Introduced with: https://github.com/curl/curl/commit/c92d2e14cfb0db662f958effd2ac86f995cf1b5a (curl-7_58_0)
Fixed by: https://github.com/curl/curl/commit/16d5f2a5660c61cc27bd5f1c7f512391d1c927aa (curl-8_18_0)
Debian builds with libssh2 for SSH backend

Связанные уязвимости

CVE-2025-15224

CVSS3: 3.1

ubuntu

около 1 месяца назад

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

CVE-2025-15224

CVSS3: 3.1

nvd

около 1 месяца назад

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

ROS-20260129-73-0065

CVSS3: 3.1

redos

10 дней назад

Уязвимость curl

GHSA-hccr-q52r-4w88

CVSS3: 3.1

github

около 1 месяца назад

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

SUSE-SU-2026:0052-1

suse-cvrf

около 1 месяца назад

Security update for curl