CVE-2025-0665 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
curl	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 78%

Debian Releases

Debian Product

Codename

curl

bullseye	7.74.0-1.3+deb11u13 not-affected
bookworm	7.88.1-10+deb12u12 not-affected
bullseye (security)	7.74.0-1.3+deb11u14 fixed
bookworm (security)	7.88.1-10+deb12u5 fixed
sid	8.13.0-5 fixed
trixie	8.13.0-5 fixed

Common Weakness Enumeration

CWE-1341 - Multiple Releases of Same Resource or Handle
The product attempts to close or release a resource or handle more than once, without any successful open between the close operations.

References

https://curl.se/docs/CVE-2025-0665.html

https://curl.se/docs/CVE-2025-0665.json

https://hackerone.com/reports/2954286

http://www.openwall.com/lists/oss-security/2025/02/05/2

http://www.openwall.com/lists/oss-security/2025/02/05/5

https://security.netapp.com/advisory/ntap-20250306-0007/