Vulnerability Details CVE-2025-10966
curl's code for managing SSH connections when SFTP was done using the wolfSSH
powered backend was flawed and missed host verification mechanisms.
This prevents curl from detecting MITM attackers and more.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.4%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2025-10966
-
cpe:2.3:a:haxx:curl:7.69.0
-
cpe:2.3:a:haxx:curl:7.69.1
-
cpe:2.3:a:haxx:curl:7.70.0
-
cpe:2.3:a:haxx:curl:7.71.0
-
cpe:2.3:a:haxx:curl:7.71.1
-
cpe:2.3:a:haxx:curl:7.72.0
-
cpe:2.3:a:haxx:curl:7.73.0
-
cpe:2.3:a:haxx:curl:7.74.0
-
cpe:2.3:a:haxx:curl:7.75.0
-
cpe:2.3:a:haxx:curl:7.76.0
-
cpe:2.3:a:haxx:curl:7.76.1
-
cpe:2.3:a:haxx:curl:7.77.0
-
cpe:2.3:a:haxx:curl:7.78.0
-
cpe:2.3:a:haxx:curl:7.79.0
-
cpe:2.3:a:haxx:curl:7.79.1
-
cpe:2.3:a:haxx:curl:7.80.0
-
cpe:2.3:a:haxx:curl:7.81.0
-
cpe:2.3:a:haxx:curl:7.82.0
-
cpe:2.3:a:haxx:curl:7.83.0
-
cpe:2.3:a:haxx:curl:7.83.1
-
cpe:2.3:a:haxx:curl:7.84.0
-
cpe:2.3:a:haxx:curl:7.85.0
-
cpe:2.3:a:haxx:curl:7.86.0
-
cpe:2.3:a:haxx:curl:7.87.0
-
cpe:2.3:a:haxx:curl:7.88.0
-
cpe:2.3:a:haxx:curl:7.88.1
-
cpe:2.3:a:haxx:curl:8.0.0
-
cpe:2.3:a:haxx:curl:8.0.1
-
cpe:2.3:a:haxx:curl:8.1.0
-
cpe:2.3:a:haxx:curl:8.1.1
-
cpe:2.3:a:haxx:curl:8.1.2
-
cpe:2.3:a:haxx:curl:8.10.0
-
cpe:2.3:a:haxx:curl:8.10.1
-
cpe:2.3:a:haxx:curl:8.11.0
-
cpe:2.3:a:haxx:curl:8.11.1
-
cpe:2.3:a:haxx:curl:8.12.0
-
cpe:2.3:a:haxx:curl:8.12.1
-
cpe:2.3:a:haxx:curl:8.13.0
-
cpe:2.3:a:haxx:curl:8.14.0
-
cpe:2.3:a:haxx:curl:8.14.1
-
cpe:2.3:a:haxx:curl:8.15.0
-
cpe:2.3:a:haxx:curl:8.16.0
-
cpe:2.3:a:haxx:curl:8.2.0
-
cpe:2.3:a:haxx:curl:8.2.1
-
cpe:2.3:a:haxx:curl:8.4.0
-
cpe:2.3:a:haxx:curl:8.5.0
-
cpe:2.3:a:haxx:curl:8.6.0
-
cpe:2.3:a:haxx:curl:8.7.0
-
cpe:2.3:a:haxx:curl:8.7.1
-
cpe:2.3:a:haxx:curl:8.8.0
-
cpe:2.3:a:haxx:curl:8.9.0
-
cpe:2.3:a:haxx:curl:8.9.1