Platform: curl
Component: curl
Fixed in:
8.17.1
8.16.1
8.15.1
8.14.2
8.14.1
8.13.1
8.12.2
8.12.1
8.11.2
8.11.1
8.10.2
8.10.1
8.9.2
8.9.1
8.8.1
8.7.2
8.7.1
8.6.1
8.5.1
8.4.1
8.3.1
8.2.2
8.2.1
8.1.3
8.1.2
8.1.1
8.0.2
8.0.1
7.88.2
7.88.1
7.87.1
7.86.1
7.85.1
7.84.1
7.83.2
7.83.1
7.82.1
7.81.1
7.80.1
7.79.2
7.79.1
7.78.1
7.77.1
7.76.2
7.76.1
7.75.1
7.74.1
7.73.1
7.72.1
7.71.2
7.71.1
7.70.1
7.69.2
7.69.1
7.68.1
7.67.1
7.66.1
7.65.4
7.65.3
7.65.2
7.65.1
7.64.2
7.64.1
7.63.1
7.62.1
7.61.2
7.61.1
7.60.1
7.59.1
7.58.1
CVE-2025-15224 affects versions 8.11.0 through 8.17.0 of curl. This vulnerability allows attackers to bypass SSH authentication during SCP or SFTP transfers, potentially leading to unauthorized data access or system compromise. The vulnerability stems from incorrect handling of public key authentication within the SSH transfer process. A fix is available in curl version 8.17.1.
The core of this vulnerability lies in curl's mishandling of SSH authentication. When transferring files using SCP or SFTP, curl incorrectly attempts to authenticate using a locally running SSH agent even when public key authentication is requested. This bypass allows an attacker who can control the target system to potentially access files and directories without proper credentials. The impact is particularly severe in environments where SSH keys are used for secure file transfers, as this vulnerability effectively negates the security provided by those keys. Successful exploitation could lead to data exfiltration, modification of sensitive files, or even remote code execution if the transferred files are subsequently executed.
CVE-2025-15224 was publicly disclosed on 2026-01-08. There is currently no indication of active exploitation in the wild. The vulnerability is not listed on the CISA KEV catalog as of this writing. Public proof-of-concept code is not yet available, but the vulnerability's nature suggests it could be relatively straightforward to exploit once a PoC is released.
Systems relying on curl for secure file transfers via SCP or SFTP are at risk, particularly those using public key authentication. This includes automated deployment pipelines, backup systems, and any infrastructure where curl is used to transfer sensitive data. Shared hosting environments where users have limited control over the curl configuration are also potentially vulnerable.
• linux / server:
ps aux | grep curl
journalctl -u curl | grep "SSH_AUTH_SOCK"
• generic web:
curl -v https://your-server.com/ # Check for unusual SSH-related headers
Exploit status
EPSS: 0.08% (24th percentile)
The primary mitigation for CVE-2025-15224 is to upgrade to curl version 8.17.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as disabling SCP/SFTP transfers or restricting access to the affected curl instances. WAFs and proxies can be configured to inspect and block suspicious SCP/SFTP requests, but this is not a substitute for patching. There are no specific Sigma or YARA rules available at this time, but monitoring SSH authentication attempts and file transfer activity is recommended.
Update curl to a version later than 8.17.0. This will fix the SSH key passphrase omission vulnerability. You can download the latest version from the official curl website or through your operating system's package manager.
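An added example, not taken from this page's source or from the curl project: a POSIX shell check that classifies `curl --version` output against the affected range stated above (8.11.0 through 8.17.0) and reports whether SCP/SFTP support is compiled in. The function names, verdict words and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not curl project code): classify `curl --version` output
# against the range this page states for CVE-2025-15224.
LOW=8.11.0     # first affected version, per this page
HIGH=8.17.0    # last affected version, per this page (8.17.1 carries the fix)

# "8.17.0-DEV" -> 8017000, so versions can be compared as integers.
ver_to_int() {
    v=${1%%-*}                                 # drop suffixes such as -DEV
    maj=${v%%.*}; rest=${v#*.}
    min=${rest%%.*}; pat=${rest#*.}
    if [ "$pat" = "$rest" ]; then pat=0; fi    # "8.17" has no patch field
    echo $(( maj * 1000000 + min * 1000 + pat ))
}

# $1 = full text of `curl --version`; prints one verdict word.
cve_2025_15224_status() {
    # Use the libcurl version: the tool and the library can differ.
    ver=$(printf '%s\n' "$1" | sed -n '1s|.*libcurl/\([0-9][0-9.]*\).*|\1|p')
    protos=$(printf '%s\n' "$1" | sed -n 's/^Protocols: //p')
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    n=$(ver_to_int "$ver")
    lo=$(ver_to_int "$LOW"); hi=$(ver_to_int "$HIGH")
    if [ "$n" -lt "$lo" ] || [ "$n" -gt "$hi" ]; then
        echo outside-range; return 0
    fi
    case " $protos " in
        *" scp "*|*" sftp "*) echo affected ;;
        *) echo in-range-no-ssh ;;             # built without SCP/SFTP
    esac
}

# Constructed samples shaped like real `curl --version` output.
SAMPLE_VULN='curl 8.16.0 (x86_64-pc-linux-gnu) libcurl/8.16.0 OpenSSL/3.0.13 libssh2/1.11.0
Protocols: dict file ftp ftps http https scp sftp'
SAMPLE_NOSSH='curl 8.11.0 (x86_64-pc-linux-gnu) libcurl/8.11.0 OpenSSL/3.0.13
Protocols: dict file ftp ftps http https'
SAMPLE_FIXED='curl 8.17.1 (x86_64-pc-linux-gnu) libcurl/8.17.1 OpenSSL/3.0.13 libssh2/1.11.0
Protocols: dict file ftp ftps http https scp sftp'

# Check the locally installed binary, if there is one.
if command -v curl >/dev/null 2>&1; then
    echo "local curl: $(cve_2025_15224_status "$(curl --version)")"
fi
```

A verdict of `in-range-no-ssh` means the build is in the stated version range but cannot perform SCP or SFTP transfers at all.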
CVE-2025-15224 is a vulnerability in curl versions 8.11.0–8.17.0 that allows attackers to bypass SSH authentication during SCP/SFTP transfers, potentially gaining unauthorized access.
You are affected if you are using curl versions 8.11.0 through 8.17.0 and utilize SCP or SFTP for file transfers.
Upgrade to curl version 8.17.1 or later to resolve the vulnerability. If immediate upgrade is not possible, consider temporary workarounds like disabling SCP/SFTP transfers.
There is currently no indication of active exploitation in the wild, but the vulnerability's nature suggests it could be exploited once a proof-of-concept is released.
Refer to the official curl security advisory for detailed information and updates: [https://curl.se/security/](https://curl.se/security/)