CVE-2025-15224

CVSS v2.0

5.4

Medium

Vector

AV:N/AC:H/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions curl (affected versions not specified)

Description A key passphrase bypass is present in libssh when an agent is not set. This issue was discovered through analysis using curl. The potential impact is currently unknown. The vulnerability affects curl in Debian Linux.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2026-03387

CVE-2025-15224

ECHO-A8E4-F399-F8EC

JLSEC-2026-431

MGASA-2026-0003

OESA-2026-1190

OESA-2026-1191

OESA-2026-1192

OESA-2026-1193

OESA-2026-1194

OESA-2026-1195

OPENSUSE-SU-2026:10017-1

OPENSUSE-SU-2026:20031-1

RHSA-2026:6893

SUSE-SU-2026:0050-1

SUSE-SU-2026:0051-1

SUSE-SU-2026:0052-1

SUSE-SU-2026:0508-1

SUSE-SU-2026:20042-1

SUSE-SU-2026:20062-1

SUSE-SU-2026:20082-1

SUSE-SU-2026:20110-1

USN-8062-1

USN-8062-2

Affected Products

Debian

Linuxmint

Red Os

Ubuntu

Curl

Libssh

CVE-2025-15224

Weakness Enumeration

Related Identifiers

Affected Products

References · 90