CVE-2025-10966EPSS p28.2%

CVE-2025-10966CVE-2025-10966

haxx / curl

Description

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.

Scoring

CVSS 4.3 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS0.36% probability of exploitation · percentile 28.2% · 2026-06-18T12:00:27Z
Last modified2026-06-02

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-11625
CVE
CVE-2025-15382
CVE
CVE-2026-46595
CVE
CVE-2026-3784
CVE
CVE-2025-5318
CVE
CrushFTP Unprotected Alternate Channel Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.