CVE-2025-10966

Sažetak

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.

Reference

https://curl.se/docs/CVE-2025-10966.html
https://curl.se/docs/CVE-2025-10966.json
https://hackerone.com/reports/3355218
http://www.openwall.com/lists/oss-security/2025/11/05/2

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

07-11-2025 - 08:15

Objavljeno

07-11-2025 - 08:15