CVE-2025-15079 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
curl	CNA	5.3 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 14%

Affected Products (NVD)

Vendor	Product	Version
haxx	curl	7.58.0 ≤ 𝑥 < 8.18.0

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
curl	curl	𝑥 ≤ 8.17.0	CNA
curl	curl	𝑥 ≤ 8.16.0	CNA
curl	curl	𝑥 ≤ 8.15.0	CNA
curl	curl	𝑥 ≤ 8.14.1	CNA
curl	curl	𝑥 ≤ 8.14.0	CNA
curl	curl	𝑥 ≤ 8.13.0	CNA
curl	curl	𝑥 ≤ 8.12.1	CNA
curl	curl	𝑥 ≤ 8.12.0	CNA
curl	curl	𝑥 ≤ 8.11.1	CNA
curl	curl	𝑥 ≤ 8.11.0	CNA
curl	curl	𝑥 ≤ 8.10.1	CNA
curl	curl	𝑥 ≤ 8.10.0	CNA
curl	curl	𝑥 ≤ 8.9.1	CNA
curl	curl	𝑥 ≤ 8.9.0	CNA
curl	curl	𝑥 ≤ 8.8.0	CNA
curl	curl	𝑥 ≤ 8.7.1	CNA
curl	curl	𝑥 ≤ 8.7.0	CNA
curl	curl	𝑥 ≤ 8.6.0	CNA
curl	curl	𝑥 ≤ 8.5.0	CNA
curl	curl	𝑥 ≤ 8.4.0	CNA
curl	curl	𝑥 ≤ 8.3.0	CNA
curl	curl	𝑥 ≤ 8.2.1	CNA
curl	curl	𝑥 ≤ 8.2.0	CNA
curl	curl	𝑥 ≤ 8.1.2	CNA
curl	curl	𝑥 ≤ 8.1.1	CNA
curl	curl	𝑥 ≤ 8.1.0	CNA
curl	curl	𝑥 ≤ 8.0.1	CNA
curl	curl	𝑥 ≤ 8.0.0	CNA
curl	curl	𝑥 ≤ 7.88.1	CNA
curl	curl	𝑥 ≤ 7.88.0	CNA
curl	curl	𝑥 ≤ 7.87.0	CNA
curl	curl	𝑥 ≤ 7.86.0	CNA
curl	curl	𝑥 ≤ 7.85.0	CNA
curl	curl	𝑥 ≤ 7.84.0	CNA
curl	curl	𝑥 ≤ 7.83.1	CNA
curl	curl	𝑥 ≤ 7.83.0	CNA
curl	curl	𝑥 ≤ 7.82.0	CNA
curl	curl	𝑥 ≤ 7.81.0	CNA
curl	curl	𝑥 ≤ 7.80.0	CNA
curl	curl	𝑥 ≤ 7.79.1	CNA
curl	curl	𝑥 ≤ 7.79.0	CNA
curl	curl	𝑥 ≤ 7.78.0	CNA
curl	curl	𝑥 ≤ 7.77.0	CNA
curl	curl	𝑥 ≤ 7.76.1	CNA
curl	curl	𝑥 ≤ 7.76.0	CNA
curl	curl	𝑥 ≤ 7.75.0	CNA
curl	curl	𝑥 ≤ 7.74.0	CNA
curl	curl	𝑥 ≤ 7.73.0	CNA
curl	curl	𝑥 ≤ 7.72.0	CNA
curl	curl	𝑥 ≤ 7.71.1	CNA
curl	curl	𝑥 ≤ 7.71.0	CNA
curl	curl	𝑥 ≤ 7.70.0	CNA
curl	curl	𝑥 ≤ 7.69.1	CNA
curl	curl	𝑥 ≤ 7.69.0	CNA
curl	curl	𝑥 ≤ 7.68.0	CNA
curl	curl	𝑥 ≤ 7.67.0	CNA
curl	curl	𝑥 ≤ 7.66.0	CNA
curl	curl	𝑥 ≤ 7.65.3	CNA
curl	curl	𝑥 ≤ 7.65.2	CNA
curl	curl	𝑥 ≤ 7.65.1	CNA
curl	curl	𝑥 ≤ 7.65.0	CNA
curl	curl	𝑥 ≤ 7.64.1	CNA
curl	curl	𝑥 ≤ 7.64.0	CNA
curl	curl	𝑥 ≤ 7.63.0	CNA
curl	curl	𝑥 ≤ 7.62.0	CNA
curl	curl	𝑥 ≤ 7.61.1	CNA
curl	curl	𝑥 ≤ 7.61.0	CNA
curl	curl	𝑥 ≤ 7.60.0	CNA
curl	curl	𝑥 ≤ 7.59.0	CNA
curl	curl	𝑥 ≤ 7.58.0	CNA

Debian Releases

Debian Product

Codename

curl

bookworm	unimportant
bookworm (security)	unimportant
bullseye	unimportant
bullseye (security)	unimportant
forky	8.20.0-2 fixed
sid	8.20.0-2 fixed
trixie	unimportant

openSUSE / SLES Releases

openSUSE Product

Release

curl

suse enterprise desktop 15 SP7	8.14.1-150700.7.8.1 fixed
suse enterprise sap 15 SP7	8.14.1-150700.7.8.1 fixed
suse enterprise server 15 SP4	8.14.1-150400.5.77.1 fixed
suse enterprise server 15 SP7	8.14.1-150700.7.8.1 fixed

libcurl-devel

suse enterprise desktop 15 SP7	8.14.1-150700.7.8.1 fixed
suse enterprise sap 15 SP7	8.14.1-150700.7.8.1 fixed
suse enterprise server 15 SP4	8.14.1-150400.5.77.1 fixed
suse enterprise server 15 SP7	8.14.1-150700.7.8.1 fixed

libcurl4

suse enterprise desktop 15 SP7	8.14.1-150700.7.8.1 fixed
suse enterprise sap 15 SP7	8.14.1-150700.7.8.1 fixed
suse enterprise server 15 SP4	8.14.1-150400.5.77.1 fixed
suse enterprise server 15 SP7	8.14.1-150700.7.8.1 fixed

libcurl4-32bit

suse enterprise desktop 15 SP7	8.14.1-150700.7.8.1 fixed
suse enterprise sap 15 SP7	8.14.1-150700.7.8.1 fixed
suse enterprise server 15 SP4	8.14.1-150400.5.77.1 fixed
suse enterprise server 15 SP7	8.14.1-150700.7.8.1 fixed

Known Exploits!

https://hackerone.com/reports/3477116

Common Weakness Enumeration

CWE-297 - Improper Validation of Certificate with Host Mismatch
The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.

References

https://curl.se/docs/CVE-2025-15079.html

https://curl.se/docs/CVE-2025-15079.json

https://hackerone.com/reports/3477116

http://www.openwall.com/lists/oss-security/2026/01/07/6