CVEFinder.io

CVE-2025-10966

đŸ”ļ medium
Summary

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.

CVSS Score
4.3
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2025-11-07
First Seen: 2026-01-05
Last Modified 2026-01-20
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

🔗 References 4

https://curl.se/docs/CVE-2025-10966.html
Vendor Advisory Patch
https://curl.se/docs/CVE-2025-10966.json
Vendor Advisory
https://hackerone.com/reports/3355218
Exploit Issue Tracking Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/11/05/2
Mailing List Third Party Advisory Patch

đŸ“Ļ Affected Products 1

Vendor Product Status Affected Versions
haxx curl Affected
≥ 7.69.0 < 8.17.0

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-13034 đŸ”ļ medium 5.9 0.0 When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the pu... 2026-01-08
CVE-2025-14017 đŸ”ļ medium 6.3 0.0 When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadver... 2026-01-08
CVE-2025-14524 đŸ”ļ medium 5.3 0.0 When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a s... 2026-01-08
CVE-2025-14819 đŸ”ļ medium 5.3 0.0 When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option... 2026-01-08
CVE-2025-15079 đŸ”ļ medium 5.3 0.0 When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenl... 2026-01-08
CVE-2025-15224 ℹī¸ low 3.1 0.1 When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly s... 2026-01-08
These CVEs affect the same products