CVE-2025-15079Improper Validation of Certificate with Host Mismatch in Curl

CWE-297Improper Validation of Certificate with Host MismatchCWE-358Improperly Implemented Security Check for Standard12 documents10 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 89.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Haxx CurlCurl
Timeline
PublishedJan 8
Latest updateMar 3

Description

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages4 packages

NVDhaxx/curl7.58.08.18.0
Debianhaxx/curl< 8.18.0~rc3-1
Ubuntuhaxx/curl< 7.35.0-1ubuntu2.20+esm19+3
CVEListV5curl/curl8.17.08.17.0+69

Patches

Patch: curl.sePatch: www.openwall.com

🔴Vulnerability Details

4
OSV
curl vulnerabilities2026-03-03
GHSA
GHSA-7q9p-cx8r-rh2q: When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *2026-01-08
CVEList
libssh global known_hosts override2026-01-08
OSV
CVE-2025-15079: When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *2026-01-08

📋Vendor Advisories

4
Ubuntu
curl vulnerabilities2026-03-03
Ubuntu
curl vulnerabilities2026-02-25
Red Hat
curl: Host verification bypass during SSH transfers2026-01-07
Debian
CVE-2025-15079: curl - When doing SSH-based transfers using either SCP or SFTP, and setting the known_h...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-15079 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

2
HackerOne
CVE-2025-15079: libssh global knownhost override2026-01-07
Bugzilla
CVE-2025-15079 curl: Host verification bypass during SSH transfers2025-12-31
CVE-2025-15079 — Haxx Curl vulnerability | cvebase