PT-2025-45413 · Curl+2

Daniel Stenberg +1 · Published 2025-11-05 · Updated 2026-05-04 · CVE-2025-10966

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

curl (affected versions not specified)

Description

The software lacks proper host verification when establishing SSH connections for SFTP operations using the wolfSSH backend. This flaw allows man-in-the-middle (MITM) attacks to go undetected, as any host key is accepted. The issue stems from a flaw in the code managing SSH connections.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
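
Because the description limits the flaw to SFTP over the wolfSSH backend, a first triage step is to check which SSH backend a given curl build links. The script below is an added example, not part of the advisory or of curl; it assumes the backend appears as a "wolfssh/<version>" token on the first line of `curl -V` output, and its function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a curl build from the text printed by `curl -V`.
# Function names and both SAMPLE_* strings are constructed for illustration.

SAMPLE_WOLFSSH='curl 8.0.0 (x86_64-pc-linux-gnu) libcurl/8.0.0 wolfSSL/5.6.0 zlib/1.2.13 wolfssh/1.4.12
Release-Date: 2023-01-01
Protocols: dict file ftp ftps http https sftp
Features: alt-svc AsynchDNS HSTS'

SAMPLE_LIBSSH2='curl 8.0.0 (x86_64-pc-linux-gnu) libcurl/8.0.0 OpenSSL/3.0.8 zlib/1.2.13 libssh2/1.11.0 nghttp2/1.52.0
Release-Date: 2023-01-01
Protocols: dict file ftp ftps http https scp sftp
Features: alt-svc AsynchDNS HSTS'

# Print the SSH backend named on the first line: wolfssh, libssh2, libssh or none.
curl_ssh_backend() {
    first_line=$(printf '%s\n' "$1" | head -n 1 | tr 'A-Z' 'a-z')
    # Pad with spaces so each pattern matches only the start of a token.
    case " $first_line " in
        *" wolfssh/"*) echo wolfssh ;;
        *" libssh2/"*) echo libssh2 ;;
        *" libssh/"*)  echo libssh ;;
        *)             echo none ;;
    esac
}

# Succeed when the Protocols line advertises sftp.
curl_has_sftp() {
    printf '%s\n' "$1" | grep -i '^Protocols:' | grep -qw 'sftp'
}

# "review" means the build matches the condition in the description.
classify_curl_build() {
    backend=$(curl_ssh_backend "$1")
    if [ "$backend" = wolfssh ] && curl_has_sftp "$1"; then
        echo "review: SFTP is served by the wolfSSH backend"
    else
        echo "not-matching: SSH backend is $backend"
    fi
}

# Demonstration on the constructed samples.
# On a real host: classify_curl_build "$(curl -V)"
classify_curl_build "$SAMPLE_WOLFSSH"
classify_curl_build "$SAMPLE_LIBSSH2"
```

A "review" result only identifies the build configuration named in the description; it says nothing about whether a particular release carries a fix.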

Related Identifiers

AZL-69748
AZL-69766
BDU:2025-15585
CVE-2025-10966
ECHO-84EB-3F66-73A1
JLSEC-2026-424
OPENSUSE-SU-2025:15757-1
RHSA-2026:6893

Affected Products

Debian
Red Os
Curl