CURL-CVE-2025-15079

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2025-15079.html

Import Source

https://curl.se/docs/CURL-CVE-2025-15079.json

JSON Data

https://api.test.osv.dev/v1/vulns/CURL-CVE-2025-15079

Aliases

CVE-2025-15079

Published

2026-01-07T08:00:00Z

Modified

2026-01-07T14:25:14Z

Summary

libssh global known_hosts override

Details

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file.

Database specific

{
    "www": "https://curl.se/docs/CVE-2025-15079.html",
    "award": {
        "amount": "505",
        "currency": "USD"
    },
    "package": "curl",
    "issue": "https://hackerone.com/reports/3477116",
    "URL": "https://curl.se/docs/CVE-2025-15079.json",
    "last_affected": "8.17.0",
    "CWE": {
        "desc": "Improper Validation of Certificate with Host Mismatch",
        "id": "CWE-297"
    },
    "affects": "both",
    "severity": "Low"
}

References

Credits

- Harry Sintonen - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.58.0

Fixed

8.18.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

c92d2e14cfb0db662f958effd2ac86f995cf1b5a

Fixed

adca486c125d9a6d9565b9607a19dce803a8b479

Affected versions

7.*

7.58.0

7.59.0

7.60.0

7.61.0

7.61.1

7.62.0

7.63.0

7.64.0

7.64.1

7.65.0

7.65.1

7.65.2

7.65.3

7.66.0

7.67.0

7.68.0

7.69.0

7.69.1

7.70.0

7.71.0

7.71.1

7.72.0

7.73.0

7.74.0

7.75.0

7.76.0

7.76.1

7.77.0

7.78.0

7.79.0

7.79.1

7.80.0

7.81.0

7.82.0

7.83.0

7.83.1

7.84.0

7.85.0

7.86.0

7.87.0

7.88.0

7.88.1

8.*

8.0.0

8.0.1

8.1.0

8.1.1

8.1.2

8.10.0

8.10.1

8.11.0

8.11.1

8.12.0

8.12.1

8.13.0

8.14.0

8.14.1

8.15.0

8.16.0

8.17.0

8.2.0

8.2.1

8.3.0

8.4.0

8.5.0

8.6.0

8.7.0

8.7.1

8.8.0

8.9.0

8.9.1

Database specific

source

"https://curl.se/docs/CURL-CVE-2025-15079.json"

vanir_signatures

[
    {
        "signature_type": "Line",
        "target": {
            "file": "lib/vssh/libssh.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "154575153157544741194860835334875511962",
                "309481514725220947052872221583547583347",
                "254045176640521679480925776028254756608",
                "140624623419491185855662600675706734772"
            ]
        },
        "id": "CURL-CVE-2025-15079-2a01c048",
        "signature_version": "v1",
        "source": "https://github.com/curl/curl.git/commit/adca486c125d9a6d9565b9607a19dce803a8b479"
    },
    {
        "signature_type": "Function",
        "target": {
            "file": "lib/vssh/libssh.c",
            "function": "myssh_connect"
        },
        "deprecated": false,
        "digest": {
            "length": 2963.0,
            "function_hash": "179759690000595925597507395316046644025"
        },
        "id": "CURL-CVE-2025-15079-95faa990",
        "signature_version": "v1",
        "source": "https://github.com/curl/curl.git/commit/adca486c125d9a6d9565b9607a19dce803a8b479"
    }
]