Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-4947

Опубликовано: 28 мая 2025
Источник: nvd
CVSS3: 6.5
EPSS Низкий

Описание

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Версия от 8.8.0 (включая) до 8.14.0 (исключая)

EPSS

Процентиль: 3%
0.00018
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-295

Связанные уязвимости

CVSS3: 6.5
ubuntu
2 месяца назад

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.

CVSS3: 6.5
redhat
2 месяца назад

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.

CVSS3: 6.5
msrc
27 дней назад

Описание отсутствует

CVSS3: 6.5
debian
2 месяца назад

libcurl accidentally skips the certificate verification for QUIC conne ...

CVSS3: 6.5
github
2 месяца назад

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.

EPSS

Процентиль: 3%
0.00018
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-295