CVE-2025-4947
ADVISORY - nistSummary
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.
EPSS Score: 0.00017 (0.029)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Certificate Validation
Alpine
CREATED
UPDATED
ADVISORY IDCVE-2025-4947
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| alpine/curl | apk | alpine | 3.20 | <8.14.0-r0 | 8.14.0-r0 |
| alpine/curl | apk | alpine | 3.22 | <8.14.0-r0 | 8.14.0-r0 |
| alpine/curl | apk | alpine | 3.21 | <8.14.0-r0 | 8.14.0-r0 |
| alpine/curl | apk | alpine | edge | <8.14.0-r0 | 8.14.0-r0 |
| alpine/curl | apk | alpine | 3.23 | <8.14.0-r0 | 8.14.0-r0 |
| alpine/curl | apk | alpine | 3.19 | <8.14.0-r0 | 8.14.0-r0 |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2025-4947
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.5mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2025-4947
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2025-4947
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumPhoton
CREATED
UPDATED
ADVISORY ID
CVE-2025-4947
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
6.5mediumminimos
CREATED
UPDATED
ADVISORY ID
MINI-cqv8-h4hv-gqgj
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-