cURL is a versatile command-line tool for transferring data over various network protocols, such as HTTP, FTP, and SMTP. Designed for reliability and flexibility, cURL is widely used in web development, automation, and API testing. Its underlying library, libcurl, provides robust data transfer capabilities and is employed by numerous applications and programming languages.

cURL

Libcurl is a client-side URL transfer library that supports various protocols, including HTTP, HTTPS, FTP, LDAP, and many more. It is written in C and provides easy-to-use APIs for programmers. The library is portable and works on numerous platforms, such as Windows, macOS, Linux, and various embedded systems.

Libcurl

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

Linux openSUSE

When doing SSH-based transfers using either SCP or SFTP, and setting the
known_hosts file, libcurl could still mistakenly accept connecting to hosts
*not present* in the specified file if they were added as recognized in the
libssh *global* known_hosts file.

CVE-2025-15079

Alpine

Linux Alpine

Alpine Security Tracker

Debian

Debian Security Tracker

Echo

MinimOS

Minimus

Seal Security

Ubuntu

Linux Ubuntu

Ubuntu Security Tracker

Linux

Linux Kernel

Windows

Windows Cumulative Update

VulnCheck NVD++

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-15079	MEDIUM	5.3	cURL	libcurl-devel	No	Yes	Jan 08, 2026
CVE-2025-14819	MEDIUM	5.3	cURL	libcurl-devel-32bit	No	Yes	Jan 08, 2026
CVE-2025-14524	MEDIUM	5.3	cURL	seal-curl	No	Yes	Jan 08, 2026
CVE-2025-15224	LOW	3.1	cURL	seal-curl	No	Yes	Jan 08, 2026
CVE-2025-14017	N/A	N/A	cURL	curl-minimal	No	Yes	Jan 08, 2026

CVE-2025-15079:
cURL vulnerability analysis and mitigation

5.3

Related cURL vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2025-15079: cURL vulnerability analysis and mitigation