Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-11563

URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.0%
CVSS Severity
CVSS v3 Score 4.6
Products affected by CVE-2025-11563
  • Curl » Wcurl » Version: Any
    cpe:2.3:a:curl:wcurl:*
  • Haxx » Curl » Version: 8.14.0
    cpe:2.3:a:haxx:curl:8.14.0
  • Haxx » Curl » Version: 8.14.1
    cpe:2.3:a:haxx:curl:8.14.1
  • Haxx » Curl » Version: 8.15.0
    cpe:2.3:a:haxx:curl:8.15.0
  • Haxx » Curl » Version: 8.16.0
    cpe:2.3:a:haxx:curl:8.16.0
  • Haxx » Curl » Version: 8.17.0
    cpe:2.3:a:haxx:curl:8.17.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved