CURL-CVE-2025-10966

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2025-10966.html

Import Source

https://curl.se/docs/CURL-CVE-2025-10966.json

JSON Data

https://api.test.osv.dev/v1/vulns/CURL-CVE-2025-10966

Aliases

CVE-2025-10966

Published

2025-11-05T08:00:00Z

Modified

2026-05-21T06:00:16.521456618Z

Summary

missing SFTP host verification with wolfSSH

Details

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.

This prevents curl from detecting MITM attackers and more.

Database specific

{
    "URL": "https://curl.se/docs/CVE-2025-10966.json",
    "www": "https://curl.se/docs/CVE-2025-10966.html",
    "CWE": {
        "desc": "Key Exchange without Entity Authentication",
        "id": "CWE-322"
    },
    "package": "curl",
    "last_affected": "8.16.0",
    "issue": "https://hackerone.com/reports/3355218",
    "affects": "both",
    "severity": "Low",
    "award": {
        "amount": "505",
        "currency": "USD"
    }
}

References

Credits

- Stanislav Fort (Aisle Research) - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.69.0

Fixed

8.17.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

6773c7ca65cf2183295e56603f9b86a5ce816a06

Fixed

b011e3fcfb06d6c0278595ee2ee297036fbe9793

Affected versions

7.*

7.69.0

7.69.1

7.70.0

7.71.0

7.71.1

7.72.0

7.73.0

7.74.0

7.75.0

7.76.0

7.76.1

7.77.0

7.78.0

7.79.0

7.79.1

7.80.0

7.81.0

7.82.0

7.83.0

7.83.1

7.84.0

7.85.0

7.86.0

7.87.0

7.88.0

7.88.1

8.*

8.0.0

8.0.1

8.1.0

8.1.1

8.1.2

8.10.0

8.10.1

8.11.0

8.11.1

8.12.0

8.12.1

8.13.0

8.14.0

8.14.1

8.15.0

8.16.0

8.2.0

8.2.1

8.3.0

8.4.0

8.5.0

8.6.0

8.7.0

8.7.1

8.8.0

8.9.0

8.9.1

Other

curl-7_69_0

curl-7_69_1

curl-7_70_0

curl-7_71_0

curl-7_71_1

curl-7_72_0

curl-7_73_0

curl-7_74_0

curl-7_75_0

curl-7_76_0

curl-7_76_1

curl-7_77_0

curl-7_78_0

curl-7_79_0

curl-7_79_1

curl-7_80_0

curl-7_81_0

curl-7_82_0

curl-7_83_0

curl-7_83_1

curl-7_84_0

curl-7_85_0

curl-7_86_0

curl-7_87_0

curl-7_88_0

curl-7_88_1

curl-8_0_0

curl-8_0_1

curl-8_10_0

curl-8_10_1

curl-8_11_0

curl-8_11_1

curl-8_12_0

curl-8_12_1

curl-8_13_0

curl-8_14_0

curl-8_14_1

curl-8_15_0

curl-8_16_0

curl-8_1_0

curl-8_1_1

curl-8_1_2

curl-8_2_0

curl-8_2_1

curl-8_3_0

curl-8_4_0

curl-8_5_0

curl-8_6_0

curl-8_7_0

curl-8_7_1

curl-8_8_0

curl-8_9_0

curl-8_9_1

tiny-curl-7_72_0

tiny-curl-8_4_0

Database specific

source

"https://curl.se/docs/CURL-CVE-2025-10966.json"