CVE-2025-10148 — Vulnetix

CVE-2025-10148 PUBLISHED

EPSS 0.22% · 44.6th percentile

Risk Scores

EPSS Score

0.22%

44.6th percentile

Affected Products

Vendor	Product	Versions
Amazon	curl

Exploit Intelligence

CVE-2025-10148: predictable WebSocket mask (hackerone)
CVE-2025-10148: predictable WebSocket mask (hackerone)
CVE-2025-10148: predictable WebSocket mask (hackerone)
https://hackerone.com/reports/3330839 (osv)
4593.2.0.yml (github-poc)
glcve_test.go (github-poc)
4593.2.0.yml (github-poc)
4593.2.0.yml (github-poc)
4593.2.0.yml (github-poc)
4593.2.0.yml (github-poc)

…and 14 more exploits

Timeline

CVE Published
Sep 10, 2025 PoC Published
Sep 12, 2025 EPSS Score
Sep 12, 2025 Coalition ESS Score
Sep 19, 2025 EPSS Score
Sep 26, 2025 EPSS Score
Oct 3, 2025 Coalition ESS Score
Oct 4, 2025 EPSS Score
Oct 6, 2025 Coalition ESS Score
Oct 11, 2025 EPSS Score
Oct 15, 2025 Coalition ESS Score
Oct 18, 2025 EPSS Score

References

ALAS2023-2025-1351: curl (medium) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›