SB2025091034 - Multiple vulnerabilities in cURL

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2025-9086)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when reading cookie path. A malicious server can set a specially crafted cookie path using the secure keyword, trigger an out-of-bounds read error and crash the application.

2) Use of insufficiently random values (CVE-ID: CVE-2025-10148)

The vulnerability allows a remote attacker to perform cache poisoning. 

The vulnerability exists due to the websocket code does not update the 32 bit mask pattern for each new outgoing frame as the specification says.Instead it used a fixed mask that persisted and was used throughout the entire connection. As a result, a malicious server can induce traffic between the two communicating parties that can be interpreted by an involved proxy and poison cached content. 

Remediation

Install update from vendor's website.

References

• https://curl.se/docs/CVE-2025-9086.html
• https://curl.se/docs/CVE-2025-10148.html