Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-5025

Опубликовано: 28 мая 2025
Источник: redhat
CVSS3: 4.8

Описание

libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.

A flaw was found in libcurl. This vulnerability can allow an attacker to connect to an imposter server via HTTP/3 QUIC connections when using the wolfSSL TLS backend, bypassing certificate pinning verification. This issue only affects instances of curl and libcurl using WolfSSL as the backend TLS library.

Отчет

This vulnerability doesn't impact any Red Hat supported curl versions, as Red Hat doesn't ship the WolfSSL TLS library in any product.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Confidential Compute Attestationconfidential-compute-attestation-tech-preview/trustee-rhel9Not affected
Red Hat Enterprise Linux 10curlNot affected
Red Hat Enterprise Linux 10snphostNot affected
Red Hat Enterprise Linux 10trustee-guest-componentsNot affected
Red Hat Enterprise Linux 6curlNot affected
Red Hat Enterprise Linux 7curlNot affected
Red Hat Enterprise Linux 8curlNot affected
Red Hat Enterprise Linux 9curlNot affected
Red Hat Enterprise Linux 9rustNot affected
Red Hat Enterprise Linux 9snphostNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=2368888curl: libcurl: QUIC Certificate Pinning Bypass

4.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-5025

CVSS3: 4.8
ubuntu
22 дня назад

libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.

nvd логотип

CVE-2025-5025

CVSS3: 4.8
nvd
22 дня назад

libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.

debian логотип

CVE-2025-5025

CVSS3: 4.8
debian
22 дня назад

libcurl supports *pinning* of the server certificate public key for HT ...

github логотип

GHSA-x8ch-h5vv-q6cm

CVSS3: 4.8
github
22 дня назад

libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.

4.8 Medium

CVSS3