CURL-CVE-2025-15079

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2025-15079.html

Import Source

https://curl.se/docs/CURL-CVE-2025-15079.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2025-15079

Aliases

CVE-2025-15079

Published

2026-01-07T08:00:00Z

Modified

2026-01-09T05:51:59.157439Z

Summary

libssh global known_hosts override

Details

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* knownhosts file.

Database specific

{
    "CWE": {
        "id": "CWE-297",
        "desc": "Improper Validation of Certificate with Host Mismatch"
    },
    "www": "https://curl.se/docs/CVE-2025-15079.html",
    "severity": "Low",
    "URL": "https://curl.se/docs/CVE-2025-15079.json",
    "issue": "https://hackerone.com/reports/3477116",
    "affects": "both",
    "award": {
        "currency": "USD",
        "amount": "505"
    },
    "package": "curl",
    "last_affected": "8.17.0"
}

References

Credits

- Harry Sintonen - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.58.0

Fixed

8.18.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

c92d2e14cfb0db662f958effd2ac86f995cf1b5a

Fixed

adca486c125d9a6d9565b9607a19dce803a8b479

Affected versions

7.*

7.58.0

7.59.0

7.60.0

7.61.0

7.61.1

7.62.0

7.63.0

7.64.0

7.64.1

7.65.0

7.65.1

7.65.2

7.65.3

7.66.0

7.67.0

7.68.0

7.69.0

7.69.1

7.70.0

7.71.0

7.71.1

7.72.0

7.73.0

7.74.0

7.75.0

7.76.0

7.76.1

7.77.0

7.78.0

7.79.0

7.79.1

7.80.0

7.81.0

7.82.0

7.83.0

7.83.1

7.84.0

7.85.0

7.86.0

7.87.0

7.88.0

7.88.1

8.*

8.0.0

8.0.1

8.1.0

8.1.1

8.1.2

8.10.0

8.10.1

8.11.0

8.11.1

8.12.0

8.12.1

8.13.0

8.14.0

8.14.1

8.15.0

8.16.0

8.17.0

8.2.0

8.2.1

8.3.0

8.4.0

8.5.0

8.6.0

8.7.0

8.7.1

8.8.0

8.9.0

8.9.1

Database specific

source

"https://curl.se/docs/CURL-CVE-2025-15079.json"

vanir_signatures

[
    {
        "deprecated": false,
        "id": "CURL-CVE-2025-15079-2a01c048",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "154575153157544741194860835334875511962",
                "309481514725220947052872221583547583347",
                "254045176640521679480925776028254756608",
                "140624623419491185855662600675706734772"
            ]
        },
        "source": "https://github.com/curl/curl.git/commit/adca486c125d9a6d9565b9607a19dce803a8b479",
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "lib/vssh/libssh.c"
        }
    },
    {
        "deprecated": false,
        "id": "CURL-CVE-2025-15079-95faa990",
        "digest": {
            "length": 2963.0,
            "function_hash": "179759690000595925597507395316046644025"
        },
        "source": "https://github.com/curl/curl.git/commit/adca486c125d9a6d9565b9607a19dce803a8b479",
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "lib/vssh/libssh.c",
            "function": "myssh_connect"
        }
    }
]