CVE-2025-10148

Medium CVSS: 5.3

curl's websocket code did not update the 32 bit mask pattern for each new
outgoing frame as the specification says. Instead it used a fixed mask that
persisted and was used throughout the entire connection.

A predictable mask pattern allows for a malicious server to induce traffic
between the two communicating parties that could be interpreted by an involved
proxy (configured or transparent) as genuine, real, HTTP traffic with content
and thereby poison its cache. That cached poisoned content could then be
served to all users of that proxy.

Vendor

Haxx

Product

Curl

CWE

NVD-CWE-noinfo

Yayın Tarihi

2025-09-12 06:15:40

Güncelleme

2026-01-20 14:55:47

Source Identifier

2499f714-1537-4658-8207-48ae4bb9eae9

KEV Date Added

Kategoriler

NVD-CWE-noinfo Curl MEDIUM Haxx 2025

Referanslar

https://curl.se/docs/CVE-2025-10148.html https://curl.se/docs/CVE-2025-10148.json https://hackerone.com/reports/3330839 http://www.openwall.com/lists/oss-security/2025/09/10/2 http://www.openwall.com/lists/oss-security/2025/09/10/3 http://www.openwall.com/lists/oss-security/2025/09/10/4

Benzer Kayıtlar

Medium

CVE-2026-3783

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl…

Medium

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses diffe…

High

CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already free…

Medium

CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS r…

Medium

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenl…

Low

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly s…