CVE-2025-10966

Published Nov 7, 2025

Last updated 4 months ago

CVSS medium 4.3

Overview

Description
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.
Source
2499f714-1537-4658-8207-48ae4bb9eae9
NVD status
Analyzed
Products
curl

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. 🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2025-10966 impacts curl in 14 Lambda base images. Details: https://t.co/YEdpd3SVED More: https://t.co/6EUGaPyRZk #AWS #Lambda #CVE #CloudSecurity #Serverless

    @LambdaWatchdog

    20 Feb 2026

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-10966 curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl … https://t.co/fbVP7KC2H9

    @CVEnew

    7 Nov 2025

    341 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-10966: curl: missing SFTP host verification with wolfSSH https://t.co/jwNnfR9hZL managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.

    @oss_security

    7 Nov 2025

    304 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-10966: missing SFTP host verification with wolfSSH https://t.co/MZoZeiZ6x8 #bugbounty #bugbountytips #bugbountytip

    @bountywriteups

    5 Nov 2025

    808 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. cURL 8.17.0 is out today to fix the CVE-2025-10966 #security vulnerability, and also add a notifications API to the multi interface, a --knownhosts to the command line tool, and Apple SecTrust support https://t.co/wRMZNCKJUe #OpenSource #Linux

    @9to5linux

    5 Nov 2025

    2237 Impressions

    8 Retweets

    29 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`.CVE-2026-7168
  2. When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly consider the response as fine.CVE-2026-7009
  3. When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.CVE-2026-6429
  4. Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.CVE-2026-6276
  5. curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxyCVE-2026-6253

References

Sources include official advisories and independent security research.