CVE-2025-10966
EUVD-2025-3824007.11.2025, 08:15
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| haxx | curl | 7.69.0 ≤ 𝑥 < 8.17.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| Siemens | RUGGEDCOM RST2428P | 𝑥 < V4.0 | ADP |
| curl | curl | 𝑥 ≤ 8.16.0 | CNA |
| curl | curl | 𝑥 ≤ 8.15.0 | CNA |
| curl | curl | 𝑥 ≤ 8.14.1 | CNA |
| curl | curl | 𝑥 ≤ 8.14.0 | CNA |
| curl | curl | 𝑥 ≤ 8.13.0 | CNA |
| curl | curl | 𝑥 ≤ 8.12.1 | CNA |
| curl | curl | 𝑥 ≤ 8.12.0 | CNA |
| curl | curl | 𝑥 ≤ 8.11.1 | CNA |
| curl | curl | 𝑥 ≤ 8.11.0 | CNA |
| curl | curl | 𝑥 ≤ 8.10.1 | CNA |
| curl | curl | 𝑥 ≤ 8.10.0 | CNA |
| curl | curl | 𝑥 ≤ 8.9.1 | CNA |
| curl | curl | 𝑥 ≤ 8.9.0 | CNA |
| curl | curl | 𝑥 ≤ 8.8.0 | CNA |
| curl | curl | 𝑥 ≤ 8.7.1 | CNA |
| curl | curl | 𝑥 ≤ 8.7.0 | CNA |
| curl | curl | 𝑥 ≤ 8.6.0 | CNA |
| curl | curl | 𝑥 ≤ 8.5.0 | CNA |
| curl | curl | 𝑥 ≤ 8.4.0 | CNA |
| curl | curl | 𝑥 ≤ 8.3.0 | CNA |
| curl | curl | 𝑥 ≤ 8.2.1 | CNA |
| curl | curl | 𝑥 ≤ 8.2.0 | CNA |
| curl | curl | 𝑥 ≤ 8.1.2 | CNA |
| curl | curl | 𝑥 ≤ 8.1.1 | CNA |
| curl | curl | 𝑥 ≤ 8.1.0 | CNA |
| curl | curl | 𝑥 ≤ 8.0.1 | CNA |
| curl | curl | 𝑥 ≤ 8.0.0 | CNA |
| curl | curl | 𝑥 ≤ 7.88.1 | CNA |
| curl | curl | 𝑥 ≤ 7.88.0 | CNA |
| curl | curl | 𝑥 ≤ 7.87.0 | CNA |
| curl | curl | 𝑥 ≤ 7.86.0 | CNA |
| curl | curl | 𝑥 ≤ 7.85.0 | CNA |
| curl | curl | 𝑥 ≤ 7.84.0 | CNA |
| curl | curl | 𝑥 ≤ 7.83.1 | CNA |
| curl | curl | 𝑥 ≤ 7.83.0 | CNA |
| curl | curl | 𝑥 ≤ 7.82.0 | CNA |
| curl | curl | 𝑥 ≤ 7.81.0 | CNA |
| curl | curl | 𝑥 ≤ 7.80.0 | CNA |
| curl | curl | 𝑥 ≤ 7.79.1 | CNA |
| curl | curl | 𝑥 ≤ 7.79.0 | CNA |
| curl | curl | 𝑥 ≤ 7.78.0 | CNA |
| curl | curl | 𝑥 ≤ 7.77.0 | CNA |
| curl | curl | 𝑥 ≤ 7.76.1 | CNA |
| curl | curl | 𝑥 ≤ 7.76.0 | CNA |
| curl | curl | 𝑥 ≤ 7.75.0 | CNA |
| curl | curl | 𝑥 ≤ 7.74.0 | CNA |
| curl | curl | 𝑥 ≤ 7.73.0 | CNA |
| curl | curl | 𝑥 ≤ 7.72.0 | CNA |
| curl | curl | 𝑥 ≤ 7.71.1 | CNA |
| curl | curl | 𝑥 ≤ 7.71.0 | CNA |
| curl | curl | 𝑥 ≤ 7.70.0 | CNA |
| curl | curl | 𝑥 ≤ 7.69.1 | CNA |
| curl | curl | 𝑥 ≤ 7.69.0 | CNA |
Debian Releases
Ubuntu Releases
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| curl |
| ||||
| curl-debuginfo |
| ||||
| curl-debugsource |
| ||||
| curl-minimal |
| ||||
| curl-minimal-debuginfo |
| ||||
| libcurl |
| ||||
| libcurl-debuginfo |
| ||||
| libcurl-devel |
| ||||
| libcurl-minimal |
| ||||
| libcurl-minimal-debuginfo |
|
Azure Linux Releases
Vulnerability Media Exposure