Medium severity4.3NVD Advisory· Published Nov 7, 2025· Updated Jun 2, 2026
CVE-2025-10966
CVE-2025-10966
Description
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.
This prevents curl from detecting MITM attackers and more.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5Patches
Vulnerability mechanics
References
5- www.openwall.com/lists/oss-security/2025/11/05/2nvdMailing ListPatchThird Party Advisory
- curl.se/docs/CVE-2025-10966.htmlnvdPatchVendor Advisory
- hackerone.com/reports/3355218nvdExploitIssue TrackingThird Party Advisory
- curl.se/docs/CVE-2025-10966.jsonnvdVendor Advisory
- cert-portal.siemens.com/productcert/html/ssa-253495.htmlnvd
News mentions
0No linked articles in our index yet.