CVE-2025-5025

ADVISORY - nist

Summary

libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.

EPSS Score⁠: 0.00018 (0.036)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-295⁠

Improper Certificate Validation

Impacted images

Advisories

NIST

CREATED

6 months ago

UPDATED

4 months ago

ADVISORY IDCVE-2025-5025⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-295⁠

CVSS SCORE

4.8medium

Alpine

CREATED

6 months ago

UPDATED

27 days ago

ADVISORY IDCVE-2025-5025⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

6 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2025-5025⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

6 months ago

UPDATED

6 months ago

ADVISORY IDCVE-2025-5025⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Photon

CREATED

1 month ago

UPDATED

25 days ago

ADVISORY ID

CVE-2025-5025

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

4.8medium

minimos

CREATED

6 months ago

UPDATED

6 months ago

ADVISORY ID

MINI-v932-4r2f-cqgq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY