vulnerability
Amazon Linux 2023: CVE-2025-10966: Medium priority package update for curl
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:C/I:N/A:N) | Nov 7, 2025 | Jan 12, 2026 | Jan 12, 2026 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published
Nov 7, 2025
Added
Jan 12, 2026
Modified
Jan 12, 2026
Description
curl's code for managing SSH connections when SFTP was done using the wolfSSH
powered backend was flawed and missed host verification mechanisms.
This prevents curl from detecting MITM attackers and more.
powered backend was flawed and missed host verification mechanisms.
This prevents curl from detecting MITM attackers and more.
Solutions
amazon-linux-2023-upgrade-curlamazon-linux-2023-upgrade-curl-debuginfoamazon-linux-2023-upgrade-curl-debugsourceamazon-linux-2023-upgrade-curl-minimalamazon-linux-2023-upgrade-curl-minimal-debuginfoamazon-linux-2023-upgrade-libcurlamazon-linux-2023-upgrade-libcurl-debuginfoamazon-linux-2023-upgrade-libcurl-develamazon-linux-2023-upgrade-libcurl-minimalamazon-linux-2023-upgrade-libcurl-minimal-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.