CVE-2025-15079

ADVISORY - nist

Summary

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file.

EPSS Score⁠: 0.00031 (0.087)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-297⁠

Improper Validation of Certificate with Host Mismatch

Impacted images

Advisories

NIST

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2025-15079⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-297⁠

CVSS SCORE

5.3medium

Alpine

CREATED

4 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2025-15079⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

4 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2025-15079⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

4 days ago

UPDATED

4 days ago

ADVISORY IDCVE-2025-15079⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow