CVE-2025-10966
Severity: 4.3 MEDIUM
Published: 2025-11-07 · Last updated: 2026-06-02
Severity and scoring
- CVSS: 4.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
| Vendor | Product |
|---|---|
| haxx | curl |
Description
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-10966)
- [Patch](https://curl.se/docs/CVE-2025-10966.html)
- [Vendor advisory](https://curl.se/docs/CVE-2025-10966.json)
- [Exploit reference](https://hackerone.com/reports/3355218)
- [Patch](http://www.openwall.com/lists/oss-security/2025/11/05/2)
- [Other](https://cert-portal.siemens.com/productcert/html/ssa-253495.html)
Related CVEs
Same vendor
- CVE-2026-3784 — curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials ... (6.5 MEDIUM)
- CVE-2025-9086 — 1 (7.5 HIGH)
- CVE-2022-27782 — libcurl would reuse a previously created connection even when a TLS- or SSH-related option had been changed that should have prohibited reu... (7.5 HIGH)
- CVE-2022-27781 — libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain.... (7.5 HIGH)
- CVE-2022-27775 — An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: by using an IPv6 address that was in the conn... (7.5 HIGH)