CVE-2025-10966 — Key Exchange without Entity Authentication in Curl

CWE-322 — Key Exchange without Entity Authentication9 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 94.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haxx Curl Curl

Timeline

PublishedNov 7

Latest updateNov 11

Description

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶NVDhaxx/curl7.69.0 — 8.17.0

▶Alpinehaxx/curl< 8.17.0-r0

▶Debianhaxx/curl< 8.17.0~rc2-1

▶CVEListV5curl/curl8.16.0 — 8.16.0+52

Patches

Patch: curl.se ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-5gff-h54g-38r2: curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms↗2025-11-07

▶

OSV

CVE-2025-10966: curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms↗2025-11-07

▶

OSV

CVE-2025-10966: curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms↗2025-11-07

▶

CVEList

missing SFTP host verification with wolfSSH↗2025-11-07

▶

📋Vendor Advisories

Microsoft

missing SFTP host verification with wolfSSH↗2025-11-11

▶

Red Hat

curl: Curl missing SFTP host verification with wolfSSH backend↗2025-11-07

▶

Debian

CVE-2025-10966: curl - curl's code for managing SSH connections when SFTP was done using the wolfSSH po...↗2025

▶

💬Community

HackerOne

CVE-2025-10966: missing SFTP host verification with wolfSSH↗2025-11-05

▶