Multiple vulnerabilities in cURL
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2025-5025 CVE-2025-4947 |
| CWE-ID | CWE-295 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
cURL Client/Desktop applications / Other client software |
| Vendor | curl.haxx.se |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper Certificate Validation
EUVDB-ID: #VU109885
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-5025
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to libcurl does not perform pinning of the server certificate public key for HTTPS transfers when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. A remote attacker can perform Man-in-the-middle (MitM) attack and track the victim into connecting to a malicious server.
MitigationInstall updates from vendor's website.
Vulnerable software versionscURL: 8.5.0 - 8.13.0
CPE2.3- cpe:2.3:a:curl_haxx_se:curl:8.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl_haxx_se:curl:8.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl_haxx_se:curl:8.7.0:*:*:*:*:*:*:*
https://curl.se/docs/CVE-2025-5025.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Certificate Validation
EUVDB-ID: #VU109884
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-4947
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to missing certificate validation for QUIC connections when connecting to a host specified as an IP address in the URL. A remote attacker can perform Man-in-the-middle (MitM) attack.
Note, successful exploitation of the vulnerability requires wolfSSL to be used as the TLS backend for QUIC to trigger.
MitigationInstall updates from vendor's website.
Vulnerable software versionscURL: 8.8.0 - 8.13.0
CPE2.3- cpe:2.3:a:curl_haxx_se:curl:8.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl_haxx_se:curl:8.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:curl_haxx_se:curl:8.9.1:*:*:*:*:*:*:*
https://curl.se/docs/CVE-2025-4947.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
