Lucene search
K

EulerOS Virtualization 2.13.0 : curl (EulerOS-SA-2026-2161)

🗓️ 06 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 9 Views

EulerOS curl 2.13.0 includes four CVEs: LDAPS TLS option changes, token leakage on redirects, SSH known_hosts misacceptance, and public key auth uses local agent.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(319364);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/06");

  script_cve_id(
    "CVE-2025-14017",
    "CVE-2025-14524",
    "CVE-2025-15079",
    "CVE-2025-15224"
  );

  script_name(english:"EulerOS Virtualization 2.13.0 : curl (EulerOS-SA-2026-2161)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :

    When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,changing TLS options in one thread
    would inadvertently change them globally and therefore possibly also affect other concurrently setup
    transfers.Disabling certificate verification for a specific transfer could unintentionally disable the
    feature for other threads as well.(CVE-2025-14017)

    When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol
    redirect to a second URL that uses an IMAP, LDAP,POP3 or SMTP scheme, curl might wrongly pass on the
    bearer token to the new target host.(CVE-2025-14524)

    When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could
    still mistakenly accept connecting to hosts *not present* in the specified file if they were added as
    recognized in the libssh *global* known_hosts file.(CVE-2025-15079)

    When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl
    would wrongly still ask and authenticate using a locally running SSH agent.(CVE-2025-15224)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization curl security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2026-2161
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?95a4fd0f");
  script_set_attribute(attribute:"solution", value:
"Update the affected curl packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-14017");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libcurl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.13.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.13.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.13.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "curl-7.79.1-25.h19.eulerosv2r13",
  "libcurl-7.79.1-25.h19.eulerosv2r13"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

06 Jun 2026 00:00Current
7.5High risk
Vulners AI Score7.5
CVSS 3.16.3
EPSS0.00611
SSVC
9