GHSA-5gff-h54g-38r2

Опубликовано: 07 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.

This prevents curl from detecting MITM attackers and more.

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.

This prevents curl from detecting MITM attackers and more.

Ссылки

EPSS

Процентиль: 5%

0.0002

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2025-10966

Связанные уязвимости

CVE-2025-10966

CVSS3: 4.3

ubuntu

5 месяцев назад

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.

CVE-2025-10966

CVSS3: 5.9

redhat

5 месяцев назад

CVE-2025-10966

CVSS3: 4.3

nvd

5 месяцев назад

CVE-2025-10966

CVSS3: 6.8

msrc

4 месяца назад

missing SFTP host verification with wolfSSH

CVE-2025-10966

CVSS3: 4.3

debian

5 месяцев назад

curl's code for managing SSH connections when SFTP was done using the ...

EPSS

Процентиль: 5%

0.0002

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2025-10966