CVEFinder.io

CVE-2025-15224

ℹī¸ low
Summary

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

CVSS Score
3.1
Low
EPSS Score
0.1
Exploit Probability
Published Date
2026-01-08
First Seen: 2026-01-17
Last Modified 2026-01-20
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE IDs (Weakness Types)
CWE-287

🔗 References 4

https://curl.se/docs/CVE-2025-15224.html
Vendor Advisory Patch
https://curl.se/docs/CVE-2025-15224.json
Vendor Advisory
https://hackerone.com/reports/3480925
Exploit Third Party Advisory Issue Tracking
http://www.openwall.com/lists/oss-security/2026/01/07/7
Mailing List Third Party Advisory Patch

đŸ“Ļ Affected Products 1

Vendor Product Status Affected Versions
haxx curl Affected
≥ 7.58.0 < 8.18.0

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-13034 đŸ”ļ medium 5.9 0.0 When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the pu... 2026-01-08
CVE-2025-14017 đŸ”ļ medium 6.3 0.0 When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadver... 2026-01-08
CVE-2025-14524 đŸ”ļ medium 5.3 0.0 When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a s... 2026-01-08
CVE-2025-14819 đŸ”ļ medium 5.3 0.0 When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option... 2026-01-08
CVE-2025-15079 đŸ”ļ medium 5.3 0.0 When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenl... 2026-01-08
CVE-2025-10966 đŸ”ļ medium 4.3 0.0 curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host... 2025-11-07
These CVEs affect the same products