CVE-2025-15079

Опубликовано: 08 янв. 2026

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file.

Ссылки

https://curl.se/docs/CVE-2025-15079.html
Vendor Advisory
Patch
https://curl.se/docs/CVE-2025-15079.json
Vendor Advisory
https://hackerone.com/reports/3477116
Exploit
Issue Tracking
Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/01/07/6
Mailing List
Third Party Advisory
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Версия от 7.58.0 (включая) до 8.18.0 (исключая)

EPSS

Процентиль: 5%

0.00021

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-297

Связанные уязвимости

CVE-2025-15079

CVSS3: 5.3

ubuntu

около 1 месяца назад

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.

CVE-2025-15079

CVSS3: 5.3

debian

около 1 месяца назад

When doing SSH-based transfers using either SCP or SFTP, and setting t ...

ROS-20260129-73-0067

CVSS3: 5.3

redos

10 дней назад

Уязвимость curl

GHSA-7q9p-cx8r-rh2q

CVSS3: 5.3

github

около 1 месяца назад

SUSE-SU-2026:0066-1

suse-cvrf

около 1 месяца назад

Security update for curl

EPSS

Процентиль: 5%

0.00021

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-297