CNNVD-202511-817 Information

CNNVD ID

CNNVD-202511-817

CVE-2025-10966

  • CNNVD Published: 2025-11-07

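Description (translated from Chinese)

curl is an open source tool from cURL for transferring data from or to a server. curl contains a security vulnerability that stems from missing host verification when SFTP uses the wolfSSH backend, which may lead to man-in-the-middle attacks.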

Description (English)

curl is an open source tool from cURL for transferring data to or from a server. A security vulnerability exists in curl: host verification is missing when SFTP uses the wolfSSH backend, which could lead to a man-in-the-middle attack.

Hazard Level

Critical

Vulnerability Type

Other

Affected Vendor

cURL

Published

2025-11-07

Last Modified

2026-02-24

References

  • https://curl.se/docs/CVE-2025-10966.json
  • https://hackerone.com/reports/3355218
  • https://curl.se/docs/CVE-2025-10966.html
  • http://www.openwall.com/lists/oss-security/2025/11/05/2
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10966
  • https://vigilance.fr/vulnerability/curl-Man-in-the-Middle-via-wolfSSH-SFTP-48662

Patch

https://curl.se/download.html
