cURL libcurl SSH known_hosts bypass via global file
CVE-2025-15079 Published on January 8, 2026
libssh global known_hosts override
When doing SSH-based transfers using either SCP or SFTP, and setting the
known_hosts file, libcurl could still mistakenly accept connecting to hosts
*not present* in the specified file if they were added as recognized in the
libssh *global* known_hosts file.
Vulnerability Analysis
CVE-2025-15079 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2025-15079. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Improper Validation of Certificate with Host Mismatch
The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.
Products Associated with CVE-2025-15079
stack.watch emails you whenever new vulnerabilities are published in Haxx Curl or Canonical Ubuntu Linux. Just hit a watch button to start following.
Affected Versions
curl:- Version 8.17.0, <= 8.17.0 is affected.
- Version 8.16.0, <= 8.16.0 is affected.
- Version 8.15.0, <= 8.15.0 is affected.
- Version 8.14.1, <= 8.14.1 is affected.
- Version 8.14.0, <= 8.14.0 is affected.
- Version 8.13.0, <= 8.13.0 is affected.
- Version 8.12.1, <= 8.12.1 is affected.
- Version 8.12.0, <= 8.12.0 is affected.
- Version 8.11.1, <= 8.11.1 is affected.
- Version 8.11.0, <= 8.11.0 is affected.
- Version 8.10.1, <= 8.10.1 is affected.
- Version 8.10.0, <= 8.10.0 is affected.
- Version 8.9.1, <= 8.9.1 is affected.
- Version 8.9.0, <= 8.9.0 is affected.
- Version 8.8.0, <= 8.8.0 is affected.
- Version 8.7.1, <= 8.7.1 is affected.
- Version 8.7.0, <= 8.7.0 is affected.
- Version 8.6.0, <= 8.6.0 is affected.
- Version 8.5.0, <= 8.5.0 is affected.
- Version 8.4.0, <= 8.4.0 is affected.
- Version 8.3.0, <= 8.3.0 is affected.
- Version 8.2.1, <= 8.2.1 is affected.
- Version 8.2.0, <= 8.2.0 is affected.
- Version 8.1.2, <= 8.1.2 is affected.
- Version 8.1.1, <= 8.1.1 is affected.
- Version 8.1.0, <= 8.1.0 is affected.
- Version 8.0.1, <= 8.0.1 is affected.
- Version 8.0.0, <= 8.0.0 is affected.
- Version 7.88.1, <= 7.88.1 is affected.
- Version 7.88.0, <= 7.88.0 is affected.
- Version 7.87.0, <= 7.87.0 is affected.
- Version 7.86.0, <= 7.86.0 is affected.
- Version 7.85.0, <= 7.85.0 is affected.
- Version 7.84.0, <= 7.84.0 is affected.
- Version 7.83.1, <= 7.83.1 is affected.
- Version 7.83.0, <= 7.83.0 is affected.
- Version 7.82.0, <= 7.82.0 is affected.
- Version 7.81.0, <= 7.81.0 is affected.
- Version 7.80.0, <= 7.80.0 is affected.
- Version 7.79.1, <= 7.79.1 is affected.
- Version 7.79.0, <= 7.79.0 is affected.
- Version 7.78.0, <= 7.78.0 is affected.
- Version 7.77.0, <= 7.77.0 is affected.
- Version 7.76.1, <= 7.76.1 is affected.
- Version 7.76.0, <= 7.76.0 is affected.
- Version 7.75.0, <= 7.75.0 is affected.
- Version 7.74.0, <= 7.74.0 is affected.
- Version 7.73.0, <= 7.73.0 is affected.
- Version 7.72.0, <= 7.72.0 is affected.
- Version 7.71.1, <= 7.71.1 is affected.
- Version 7.71.0, <= 7.71.0 is affected.
- Version 7.70.0, <= 7.70.0 is affected.
- Version 7.69.1, <= 7.69.1 is affected.
- Version 7.69.0, <= 7.69.0 is affected.
- Version 7.68.0, <= 7.68.0 is affected.
- Version 7.67.0, <= 7.67.0 is affected.
- Version 7.66.0, <= 7.66.0 is affected.
- Version 7.65.3, <= 7.65.3 is affected.
- Version 7.65.2, <= 7.65.2 is affected.
- Version 7.65.1, <= 7.65.1 is affected.
- Version 7.65.0, <= 7.65.0 is affected.
- Version 7.64.1, <= 7.64.1 is affected.
- Version 7.64.0, <= 7.64.0 is affected.
- Version 7.63.0, <= 7.63.0 is affected.
- Version 7.62.0, <= 7.62.0 is affected.
- Version 7.61.1, <= 7.61.1 is affected.
- Version 7.61.0, <= 7.61.0 is affected.
- Version 7.60.0, <= 7.60.0 is affected.
- Version 7.59.0, <= 7.59.0 is affected.
- Version 7.58.0, <= 7.58.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.