ROOT-OS-DEBIAN-12-CVE-2025-10148 CVE-2025-10148 in rootio-curl - Patched by Root

Root has patched CVE-2025-10148 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...

CVE-2015-10148

creationtimestamp| type| source ---|---|--- 2026-04-03 23:07:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mimtl3ymni23 2026-04-04 01:29:22+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3min3ijexda22...

openSUSE 16 Security Update : curl (openSUSE-SU-2025-20090-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20090-1 advisory. - CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes...

CVE-2025-10148 affecting package curl for versions less than 8.11.1-4

CVE-2025-10148 affecting package curl for versions less than 8.11.1-4. A patched version of the package is available...

RockyLinux 9 : python3.11 (RLSA-2025:10148)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:10148 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside extraction...

Security update for curl

This update for curl fixes the following issues: tooloperate: fix return code when --retry is used but not triggered bsc1249367 Security fixes: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Fixed predictable WebSocket mask bsc1249348 Patch Instructions: To...

Security update for curl

This update for curl fixes the following issues: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Predictable WebSocket mask bsc1249348 Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 tooloperate: fix return code when --retry is used but not triggered...

Fedora: Security Advisory (FEDORA-2025-97ae15dc56)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2025:03268-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03268-1 advisory. Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies c...

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2025:03267-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03267-1 advisory. Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to...

Security update for curl

This update for curl fixes the following issues: Security issues fixed: CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server...

SUSE: Security Advisory (SUSE-SU-2025:03173-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2025:03198-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-10148

A flaw was found in curl. The use of a predictable WebSocket mask pattern allows a malicious server to induce traffic that an intermediary proxy whether configured or transparent will misinterpret as a standard HTTP request. This confusion leads to a cache poisoning attack, where the proxy stores...

Security update for curl

This update for curl fixes the following issues: Update to version 8.14.1 jscPED-13055, jscPED-13056. Security issues fixed: CVE-2025-0665: eventfd double close can cause libcurl to act unreliably bsc1236589. CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks...

AZL-67272 CVE-2025-10148 affecting package curl for versions less than 8.8.0-7

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

Security update for curl

This update for curl fixes the following issues: CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server bsc1249348. Patch...

CURL-CVE-2025-10148 predictable WebSocket mask

curl's WebSocket code did not update the 32-bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

CVE-2025-10148

creationtimestamp| type| source ---|---|--- 2025-09-10 03:49:32+00:00| seen| https://daniel.haxx.se/blog/2025/09/10/curl-8-16-0/ 2025-09-10 03:58:42+00:00| seen| https://seclists.org/oss-sec/2025/q3/161 2025-09-10 05:58:15+00:00| seen|...