VDB
DEBIAN-CVE-2025-11563
DEBIAN-CVE-2025-11563
PUBLISHED
CVSS 4.599999904632568 MEDIUM
URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool.
Risk Scores
CVSS v3.1
4.599999904632568
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | curl | 0, 8.14.1-2, 8.14.1-2+deb13u1 |
| Debian:14 | curl | 0, 8.14.1-2, 8.14.1-2+exp1 |
Timeline
- Feb 25, 2026 CVE Published
- Apr 28, 2026 CVE Updated