CNNVD-202511-3079 Information

CNNVD ID

CNNVD-202511-3079

Related CVE

CVE-2025-11563

• CNNVD Published: 2025-11-04

Description (Chinese)

curl是cURL开源的一款用于从服务器传输数据或向服务器传输数据的工具。 curl存在路径遍历漏洞，该漏洞源于攻击者可通过wcurl遍历目录，导致在服务根路径外写入文件。

Description (English)

Curl is a tool for the transfer of data from or to the server of the curL open source. Curl has a loophole in the path, which stems from the fact that the attackers can cross the directory through wcurl, leading to the writing of documents outside the service root path.

Vulnerability Type

路径遍历

Affected Vendor

cURL

Published

2025-11-04

Last Modified

2026-02-24

References

https://lists.debian.org/debian-release/2025/11/msg00504.html https://curl.se/docs/CVE-2025-11563.html https://curl.se/docs/CVE-2025-11563.json http://www.openwall.com/lists/oss-security/2025/11/04/1 https://vigilance.fr/vulnerability/curl-directory-traversal-via-wcurl-48656

Patch

https://curl.se/docs/CVE-2025-11563.html