CVE-2025-10966

ADVISORY - nist

Summary

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.

This prevents curl from detecting MITM attackers and more.

EPSS Score⁠: 0.00017 (0.032)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo⁠

Impacted images

Advisories

NIST

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDCVE-2025-10966⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-noinfo⁠

CVSS SCORE

4.3medium

Alpine

CREATED

1 month ago

UPDATED

24 days ago

ADVISORY IDCVE-2025-10966⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDCVE-2025-10966⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDCVE-2025-10966⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

minimos

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

MINI-wjwx-mxp5-69f6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY