CVE-2025-5025

MEDIUM LAB

libcurl - TLS Pinning

Title source: llm

Description

libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.

Exploits (1)

nomisec WORKING POC

by KiPhuong · poc

https://github.com/KiPhuong/cve-2025-5025

View Code ZIP pw:eip

References (4)

[Vendor Advisory] https://curl.se/docs/CVE-2025-5025.html

[Vendor Advisory] https://curl.se/docs/CVE-2025-5025.json

[Exploit, Issue Tracking, Third Party Advisory] https://hackerone.com/reports/3153497

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2025/05/28/5

Scores

CVSS v3 4.8

EPSS 0.0006

EPSS Percentile 18.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Lab Environment

COMMUNITY

Community Lab

docker pull kiphuong/real-server:latest

docker pull kiphuong/fake-server:latest

docker pull kiphuong/client:latest

https://github.com/KiPhuong/cve-2025-5025

View in Library

Details

CWE

CWE-295

Status published

Products (1)

haxx/curl 8.5.0 - 8.14.0

Published May 28, 2025

Tracked Since Feb 18, 2026