{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4947", "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "state": "PUBLISHED", "assignerShortName": "curl", "dateReserved": "2025-05-19T06:09:52.737Z", "datePublished": "2025-05-28T06:29:34.974Z", "dateUpdated": "2025-05-28T13:58:33.430Z"}, "containers": {"cna": {"title": "QUIC certificate check skip with wolfSSL", "descriptions": [{"lang": "en", "value": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks."}], "providerMetadata": {"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "shortName": "curl", "dateUpdated": "2025-05-28T06:29:34.974Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-295 Improper Certificate Validation"}]}], "affected": [{"vendor": "curl", "product": "curl", "versions": [{"version": "8.13.0", "status": "affected", "lessThanOrEqual": "8.13.0", "versionType": "semver"}, {"version": "8.12.1", "status": "affected", "lessThanOrEqual": "8.12.1", "versionType": "semver"}, {"version": "8.12.0", "status": "affected", "lessThanOrEqual": "8.12.0", "versionType": "semver"}, {"version": "8.11.1", "status": "affected", "lessThanOrEqual": "8.11.1", "versionType": "semver"}, {"version": "8.11.0", "status": "affected", "lessThanOrEqual": "8.11.0", "versionType": "semver"}, {"version": "8.10.1", "status": "affected", "lessThanOrEqual": "8.10.1", "versionType": "semver"}, {"version": "8.10.0", "status": "affected", "lessThanOrEqual": "8.10.0", "versionType": "semver"}, {"version": "8.9.1", "status": "affected", "lessThanOrEqual": "8.9.1", "versionType": "semver"}, {"version": "8.9.0", "status": "affected", "lessThanOrEqual": "8.9.0", "versionType": "semver"}, {"version": "8.8.0", "status": "affected", "lessThanOrEqual": "8.8.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://curl.se/docs/CVE-2025-4947.json", "name": "json"}, {"url": "https://curl.se/docs/CVE-2025-4947.html", "name": "www"}, {"url": "https://hackerone.com/reports/3150884", "name": "issue"}], "credits": [{"lang": "en", "value": "Hiroki Kurosawa", "type": "finder"}, {"lang": "en", "value": "Stefan Eissing", "type": "remediation developer"}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/05/28/4"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-05-28T08:03:56.748Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-28T13:57:59.462879Z", "id": "CVE-2025-4947", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-28T13:58:33.430Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/05/28/4"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-05-28T08:03:56.748Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-4947", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-28T13:57:59.462879Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-28T13:58:29.183Z"}}], "cna": {"title": "QUIC certificate check skip with wolfSSL", "credits": [{"lang": "en", "type": "finder", "value": "Hiroki Kurosawa"}, {"lang": "en", "type": "remediation developer", "value": "Stefan Eissing"}], "affected": [{"vendor": "curl", "product": "curl", "versions": [{"status": "affected", "version": "8.13.0", "versionType": "semver", "lessThanOrEqual": "8.13.0"}, {"status": "affected", "version": "8.12.1", "versionType": "semver", "lessThanOrEqual": "8.12.1"}, {"status": "affected", "version": "8.12.0", "versionType": "semver", "lessThanOrEqual": "8.12.0"}, {"status": "affected", "version": "8.11.1", "versionType": "semver", "lessThanOrEqual": "8.11.1"}, {"status": "affected", "version": "8.11.0", "versionType": "semver", "lessThanOrEqual": "8.11.0"}, {"status": "affected", "version": "8.10.1", "versionType": "semver", "lessThanOrEqual": "8.10.1"}, {"status": "affected", "version": "8.10.0", "versionType": "semver", "lessThanOrEqual": "8.10.0"}, {"status": "affected", "version": "8.9.1", "versionType": "semver", "lessThanOrEqual": "8.9.1"}, {"status": "affected", "version": "8.9.0", "versionType": "semver", "lessThanOrEqual": "8.9.0"}, {"status": "affected", "version": "8.8.0", "versionType": "semver", "lessThanOrEqual": "8.8.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://curl.se/docs/CVE-2025-4947.json", "name": "json"}, {"url": "https://curl.se/docs/CVE-2025-4947.html", "name": "www"}, {"url": "https://hackerone.com/reports/3150884", "name": "issue"}], "descriptions": [{"lang": "en", "value": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "shortName": "curl", "dateUpdated": "2025-05-28T06:29:34.974Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4947", "state": "PUBLISHED", "dateUpdated": "2025-05-28T13:58:33.430Z", "dateReserved": "2025-05-19T06:09:52.737Z", "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "datePublished": "2025-05-28T06:29:34.974Z", "assignerShortName": "curl"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BFF5268-7985-46A1-A71F-9E1586E9E22E", "versionEndExcluding": "8.14.0", "versionStartIncluding": "8.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks."}, {"lang": "es", "value": "libcurl omite accidentalmente la verificaci\u00f3n del certificado para conexiones QUIC al conectarse a un host especificado como direcci\u00f3n IP en la URL. Por lo tanto, no detecta impostores ni ataques de intermediario."}], "id": "CVE-2025-4947", "lastModified": "2025-06-26T15:08:21.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-28T07:15:24.780", "references": [{"source": "2499f714-1537-4658-8207-48ae4bb9eae9", "tags": ["Vendor Advisory", "Patch"], "url": "https://curl.se/docs/CVE-2025-4947.html"}, {"source": "2499f714-1537-4658-8207-48ae4bb9eae9", "tags": ["Vendor Advisory"], "url": "https://curl.se/docs/CVE-2025-4947.json"}, {"source": "2499f714-1537-4658-8207-48ae4bb9eae9", "tags": ["Exploit", "Patch", "Issue Tracking"], "url": "https://hackerone.com/reports/3150884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2025/05/28/4"}], "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libcurl: curl: QUIC certificate check skip with wolfSSL", "id": "2368887", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368887"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-295", "details": ["libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", "A vulnerability was found in curl. When using WolfSSL as the TLS library, it skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. This can result in curl being unable to detect illegitimate servers or man-in-the-middle attacks, potentially leading to unauthorized connections to malicious hosts or the interception of sensitive communications.\nThis issue only affects instances of curl and libcurl using WolfSSL as the backend TLS library."], "name": "CVE-2025-4947", "package_state": [{"cpe": "cpe:/a:redhat:confidential_compute_attestation:1", "fix_state": "Not affected", "package_name": "confidential-compute-attestation-tech-preview/trustee-rhel9", "product_name": "Confidential Compute Attestation"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rust", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "snphost", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "trustee-guest-components", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "rust", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "snphost", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "trustee-guest-components", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:trusted_profile_analyzer:2", "fix_state": "Not affected", "package_name": "rhtpa/rhtpa-trustification-service-rhel9", "product_name": "Red Hat Trusted Profile Analyzer"}], "public_date": "2025-05-28T06:29:34Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4947\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4947\nhttps://curl.se/docs/CVE-2025-4947.html\nhttps://curl.se/docs/CVE-2025-4947.json\nhttps://hackerone.com/reports/3150884"], "statement": "This vulnerability doesn't impact any Red Hat supported curl versions, as Red Hat doesn't ship WolfSSL TLS library in any product.", "threat_severity": "Moderate"}