AZL-69748

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69748.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-69748
Upstream
Published
2025-11-07T08:15:39Z
Modified
2026-04-01T05:21:37.099254Z
Summary
CVE-2025-10966 affecting package cmake 3.30.3-11
Details

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.

This prevents curl from detecting MITM attackers and more.

References

Affected packages

Azure Linux:3 / cmake

Package

Name
cmake
Purl
pkg:rpm/azure-linux/cmake

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
3.30.3-11

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-69748.json"