CVE-2025-4947
UNKNOWN
Published 2025-05-28T06:29:34.974Z
Actions:
CVSS Score
V3.1
6.5
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score Metrics
Exploitability: N/A
Impact: N/A
Attack Vector Metrics
Impact Metrics
Description
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.
Available Exploits
No exploits available for this CVE.
Related News
[SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL
Posted by Daniel Stenberg on May 27QUIC certificate check skip with wolfSSL ======================================== Project curl Security Advisory, May 28 2025 - [Permalink](https://curl.se/docs/CVE-2025-4947.html) VULNERABILITY ------------- libcurl acci…
Seclists.org
2025-05-28 05:51
Affected Products
References
Published: 2025-05-28T06:29:34.974Z
Last Modified: 2025-05-28T13:58:33.430Z
Copied to clipboard!