Loading HuntDB...

CVE-2025-4947

UNKNOWN
Published 2025-05-28T06:29:34.974Z
Actions:

CVSS Score

V3.1
6.5
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
LOW
Integrity
LOW
Availability
NONE

Description

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.

Available Exploits

No exploits available for this CVE.

Related News

[SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL

Posted by Daniel Stenberg on May 27QUIC certificate check skip with wolfSSL ======================================== Project curl Security Advisory, May 28 2025 - [Permalink](https://curl.se/docs/CVE-2025-4947.html) VULNERABILITY ------------- libcurl acci…

Seclists.org 2025-05-28 05:51

Affected Products

References

Published: 2025-05-28T06:29:34.974Z
Last Modified: 2025-05-28T13:58:33.430Z
Copied to clipboard!