Curl Wcurl vulnerabilities

1 known vulnerability affecting curl/wcurl.

Total CVEs

1

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2025-11563MEDIUMCVSS 4.6≥ 2024-12-08, < 2025-11-092026-02-25

CVE-2025-11563 [MEDIUM] CWE-22 CVE-2025-11563: URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file out URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool.