VDB
CVE-2025-10966
CVE-2025-10966
PUBLISHED
EPSS 0.03% · 10.1th percentile
Risk Scores
EPSS Score
0.03%
10.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | curl |
Exploit Intelligence
- CVE-2025-10966: missing SFTP host verification with wolfSSH (hackerone)
- CVE-2025-10966: missing SFTP host verification with wolfSSH (hackerone)
- CVE-2025-10966: missing SFTP host verification with wolfSSH (hackerone)
- issue (cve.org)
- vote.json (github-poc)
- vote.json (github-poc)
- amandinedurand_td_docker-front_latest.sarif.json (github-poc)
- amandinedurand_td_docker-front_latest.sarif.json (github-poc)
- amandinedurand_td_docker-front_latest.sarif.json (github-poc)
- amandinedurand_td_docker-front_latest.sarif.json (github-poc)
…and 21 more exploits
Timeline
- CVE Published
- Nov 5, 2025 PoC Published
- Nov 7, 2025 EPSS Score
- Nov 7, 2025 Coalition ESS Score
- Nov 8, 2025 Coalition ESS Score
- Nov 10, 2025 Coalition ESS Score
- Nov 12, 2025 EPSS Score
- Nov 13, 2025 Coalition ESS Score
- Nov 15, 2025 Coalition ESS Score
- Nov 18, 2025 EPSS Score
- Nov 23, 2025 EPSS Score
- Nov 28, 2025 EPSS Score
References
- ALAS2-2026-3173: curl (medium) advisory