CVE-2025-10966

Опубликовано: 07 нояб. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.

This prevents curl from detecting MITM attackers and more.

Ссылки

https://curl.se/docs/CVE-2025-10966.html
Vendor Advisory
Patch
https://curl.se/docs/CVE-2025-10966.json
Vendor Advisory
https://hackerone.com/reports/3355218
Exploit
Issue Tracking
Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/11/05/2
Mailing List
Third Party Advisory
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Версия от 7.69.0 (включая) до 8.17.0 (исключая)

EPSS

Процентиль: 5%

0.0002

Низкий

4.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2025-10966

CVSS3: 4.3

ubuntu

5 месяцев назад

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.

CVE-2025-10966

CVSS3: 5.9

redhat

5 месяцев назад

CVE-2025-10966

CVSS3: 6.8

msrc

4 месяца назад

missing SFTP host verification with wolfSSH

CVE-2025-10966

CVSS3: 4.3

debian

5 месяцев назад

curl's code for managing SSH connections when SFTP was done using the ...

GHSA-5gff-h54g-38r2

CVSS3: 4.3

github

5 месяцев назад

EPSS

Процентиль: 5%

0.0002

Низкий

4.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo