- Description
- curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.
- Source
- 2499f714-1537-4658-8207-48ae4bb9eae9
- NVD status
- Analyzed
- Products
- curl
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
🚨 CRITICAL: #Fedora 42 users must patch #curl now! CVE-2025-9086: Out-of-bounds read vuln (cookie path) CVE-2025-10148: Predictable WebSocket mask Risks: DoS, info disclosure, MiTM attacks. Read more: 👉 https://t.co/CLbfkTYifp #Security https://t.co/cqMgLtbGaD
@Cezar_H_Linux
21 Sept 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-10148 curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and w… https://t.co/xDXY21NXyw
@CVEnew
12 Sept 2025
419 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
curlでSeverity: Lowの脆弱性2件 CVE-2025-10148 predictable WebSocket mask https://t.co/HhmfZBZS2a CVE-2025-9086 Out of bounds read for cookie path https://t.co/cFIv6r9MgP
@autumn_good_35
10 Sept 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D88104-00EB-4B8B-88D4-9FCCEF41FA6B",
"versionEndExcluding": "8.16.0",
"versionStartIncluding": "8.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]