CVE-2025-10966
Published 2025-11-07
Priority: P4 · 22 · medium · 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.03% (9.6th percentile)

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.
Affected
72 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| curl | curl | 7.69.0 – 7.69.0 | — |
| curl | curl | 7.69.1 – 7.69.1 | — |
| curl | curl | 7.70.0 – 7.70.0 | — |
| curl | curl | 7.71.0 – 7.71.0 | — |
| curl | curl | 7.71.1 – 7.71.1 | — |
| curl | curl | 7.72.0 – 7.72.0 | — |
| curl | curl | 7.73.0 – 7.73.0 | — |
| curl | curl | 7.74.0 – 7.74.0 | — |
| curl | curl | 7.75.0 – 7.75.0 | — |
| curl | curl | 7.76.0 – 7.76.0 | — |
| curl | curl | 7.76.1 – 7.76.1 | — |
| curl | curl | 7.77.0 – 7.77.0 | — |
| curl | curl | 7.78.0 – 7.78.0 | — |
| curl | curl | 7.79.0 – 7.79.0 | — |
| curl | curl | 7.79.1 – 7.79.1 | — |
| curl | curl | 7.80.0 – 7.80.0 | — |
| curl | curl | 7.81.0 – 7.81.0 | — |
| curl | curl | 7.82.0 – 7.82.0 | — |
| curl | curl | 7.83.0 – 7.83.0 | — |
| curl | curl | 7.83.1 – 7.83.1 | — |
| curl | curl | 7.84.0 – 7.84.0 | — |
| curl | curl | 7.85.0 – 7.85.0 | — |
| curl | curl | 7.86.0 – 7.86.0 | — |
| curl | curl | 7.87.0 – 7.87.0 | — |
| curl | curl | 7.88.0 – 7.88.0 | — |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| osv | 4.3 | MEDIUM | — |
| vendor_msrc | 6.8 | MEDIUM | — |
| vendor_debian | 4.3 | LOW | — |
| vendor_redhat | 4.3 | MEDIUM | — |
Microsoft
missing SFTP host verification with wolfSSH
vendor_msrc · 2025-11-11 · CVSS 6.8 · MEDIUM
Mariner: Mariner
curl: curl
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
Red Hat
curl: Curl missing SFTP host verification with wolfSSH backend
vendor_redhat · 2025-11-07 · CVSS 4.3 · MEDIUM · CWE-322
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. As the wolfSSH backend was documented as incomplete and failing tests, it is not expected that many users execute this code in production.
Statement: This vulnerability doesn't affect any supported Red Hat product. This flaw affects only curl when built with wolfSSH backend support; for Red Hat Enterprise Linux and other Red Hat products the default SSH backend being used is
Debian
CVE-2025-10966: curl
vendor_debian · 2025 · CVSS 4.3 · LOW
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 8.17.0~rc2-1)
sid: resolved (fixed in 8.17.0~rc2-1)
trixie: open
GHSA
GHSA-5gff-h54g-38r2
ghsa_unreviewed · 2025-11-07 · MEDIUM
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.
OSV
CVE-2025-10966
osv · 2025-11-07 · CVSS 4.3 · MEDIUM
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-10966 rpi-imager: Curl missing SFTP host verification with wolfSSH backend [fedora-42]
bugzilla · 2025-11-07 · CVSS 4.3 · MEDIUM
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-10966 mingw-curl: Curl missing SFTP host verification with wolfSSH backend [fedora-42]
bugzilla · 2025-11-07 · CVSS 4.3 · MEDIUM
Disclaimer and discussion: same community-tracker disclaimer, PSIRT reference link and Fedora Linux 42 end-of-life reminder (2026-05-13) as in the rpi-imager tracker above.
HackerOne
CVE-2025-10966: missing SFTP host verification with wolfSSH
hackerone · 2025-11-05 · CVSS 4.3 · MEDIUM
## Summary:
When curl is built with the wolfSSH backend, the SSH/SFTP implementation in `lib/vssh/wolfssh.c` performs no server host key verification and exposes no host identity options in the curl tool. I verified this locally by building curl with wolfSSH (binary reports `wolfssh/1.4.20`), observing that the SSH host verification options are not available in the tool, and inspecting the wolfSSH code paths that connect without any host key check or known_hosts handling.
AI usage statement: This report text was prepared with assistance, but the findings below were verified manually via local build, runtime behavior, and code inspection.
## Affected version
Local build on macOS (Apple Silicon):
```
$ ./src/curl --version
curl
```