CVE-2025-0665
HIGHcurl - Eventfd File Descriptor Double Close in Connection Channel Teardown
Title source: llmDescription
libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.
References (6)
Core 6
Core References
Vendor Advisory
https://curl.se/docs/CVE-2025-0665.html
Vendor Advisory
https://curl.se/docs/CVE-2025-0665.json
Exploit, Issue Tracking, Third Party Advisory
https://hackerone.com/reports/2954286
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/02/05/2
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/02/05/5
Third Party Advisory
https://security.netapp.com/advisory/ntap-20250306-0007/
Scores
CVSS v3
7.0
EPSS
0.0457
EPSS Percentile
89.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1341
Status
published
Products (8)
curl/curl
8.11.1
haxx/curl
8.11.1
netapp/bootstrap_os
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500s_firmware
netapp/h700s_firmware
Published
Feb 05, 2025
Tracked Since
Feb 18, 2026