DEBIAN-CVE-2025-10966
PUBLISHED
CVSS 4.3 MEDIUM
curl's code for managing SSH connections when SFTP was done using the wolfSSH-powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.
Risk Scores
CVSS v3.1
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | curl | 0, 8.14.1-2, * |
| Debian:11 | curl | 8.19.0, 0, 7.74.0-1.3 |
| Debian:12 | curl | 8.8.0-3, 8.13.0-2, 8.13.0-1+exp1 |
| Debian:13 | curl | 8.19.0-1, 8.19.0-1~bpo13+1, 8.19.0-2 |
Timeline
- Nov 7, 2025 CVE Published
- Apr 28, 2026 CVE Updated