Sign In

CVE-2025-5025

ADVISORY - nist

Summary

libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.

EPSS Score: 0.00018 (0.032)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-295

Improper Certificate Validation

Impacted images

Advisories

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2025-5025
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY
PackageTypeOS NameOS VersionAffected RangesFix Versions
alpine/curlapkalpine3.20<8.14.0-r08.14.0-r0
alpine/curlapkalpine3.23<8.14.0-r08.14.0-r0
alpine/curlapkalpineedge<8.14.0-r08.14.0-r0
alpine/curlapkalpine3.22<8.14.0-r08.14.0-r0
alpine/curlapkalpine3.19<8.14.0-r08.14.0-r0
alpine/curlapkalpine3.21<8.14.0-r08.14.0-r0

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

UPDATED

ADVISORY IDCVE-2025-5025
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-295

CVSS SCORE

4.8medium

Debian

CREATED

UPDATED

ADVISORY IDCVE-2025-5025
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2025-5025
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Photon

CREATED

UPDATED

ADVISORY ID

CVE-2025-5025

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

4.8medium

minimos

CREATED

UPDATED

ADVISORY ID

MINI-v932-4r2f-cqgq

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY