CVE-2025-15224 affects curl versions 8.11.0 through 8.17.0. The vulnerability allows attackers to bypass SSH authentication during SCP or SFTP transfers, potentially leading to unauthorized data access or system compromise. It stems from incorrect handling of public key authentication within the SSH transfer process. A fix is available in curl version 8.17.1.
The core of this vulnerability is curl's mishandling of SSH authentication. When transferring files using SCP or SFTP, curl incorrectly attempts to authenticate using a locally running SSH agent even when public key authentication is requested. This bypass allows an attacker who can control the target system to potentially access files and directories without proper credentials. The impact is particularly severe in environments where SSH keys are used for secure file transfers, because the vulnerability effectively negates the security those keys provide. Successful exploitation could lead to data exfiltration, modification of sensitive files, or even remote code execution if the transferred files are subsequently executed.
CVE-2025-15224 was publicly disclosed on 2026-01-08. There is currently no indication of active exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog as of this writing. Public proof-of-concept code is not yet available, but the nature of the vulnerability suggests it could be relatively straightforward to exploit once a PoC is released.
Systems relying on curl for secure file transfers via SCP or SFTP are at risk, particularly those using public key authentication. This includes automated deployment pipelines, backup systems, and any infrastructure where curl is used to transfer sensitive data. Shared hosting environments where users have limited control over the curl configuration are also potentially vulnerable.
• linux / server:
ps aux | grep curl
journalctl -u curl | grep "SSH_AUTH_SOCK"
• generic web:
curl -v https://your-server.com/ # Check for unusual SSH-related headers
Exploitation status
EPSS
0.08% (24th percentile)
The primary mitigation for CVE-2025-15224 is to upgrade to curl version 8.17.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as disabling SCP/SFTP transfers or restricting access to the affected curl instances. WAFs and proxies can be configured to inspect and block suspicious SCP/SFTP requests, but this is not a substitute for patching. There are no specific Sigma or YARA rules available at this time, but monitoring SSH authentication attempts and file transfer activity is recommended.
Upgrade curl to a version later than 8.17.0. This fixes the SSH key passphrase bypass vulnerability. You can download the latest version from the official curl website or from your operating system's package manager.
CVE-2025-15224 is a vulnerability in curl versions 8.11.0–8.17.0 that allows attackers to bypass SSH authentication during SCP/SFTP transfers, potentially gaining unauthorized access.
You are affected if you are using curl versions 8.11.0 through 8.17.0 and utilize SCP or SFTP for file transfers.
Upgrade to curl version 8.17.1 or later to resolve the vulnerability. If immediate upgrade is not possible, consider temporary workarounds like disabling SCP/SFTP transfers.
There is currently no indication of active exploitation in the wild, but the vulnerability's nature suggests it could be exploited once a proof-of-concept is released.
Refer to the official curl security advisory for detailed information and updates: [https://curl.se/security/](https://curl.se/security/)
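A version check for the affected range stated above, added here as an example that is not part of the original page or of the curl project. It parses `curl --version` output (the sample outputs below are constructed, not captured from real systems) and flags a build only when the libcurl version is in 8.11.0 through 8.17.0 and the build lists scp or sftp among its protocols, since a build without SSH support cannot perform the affected transfers.

```python
import re
from typing import Optional, Set, Tuple

# Affected range as stated in the advisory text: 8.11.0 through 8.17.0 inclusive.
AFFECTED_MIN = (8, 11, 0)
AFFECTED_MAX = (8, 17, 0)


def parse_curl_version(output: str) -> Optional[Tuple[Tuple[int, int, int], Set[str]]]:
    """Parse `curl --version` output into (libcurl version, set of protocols).

    The libcurl/x.y.z token is used rather than the curl binary version because
    the SSH transfer code lives in libcurl and the two versions can differ.
    Returns None when no libcurl version token is present.
    """
    m = re.search(r"\blibcurl/(\d+)\.(\d+)\.(\d+)", output)
    if not m:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    protocols: Set[str] = set()
    for line in output.splitlines():
        if line.startswith("Protocols:"):
            protocols = set(line.split(":", 1)[1].split())
    return version, protocols


def is_exposed(output: str) -> bool:
    """True only if the build is in the affected range AND can speak scp or sftp."""
    parsed = parse_curl_version(output)
    if parsed is None:
        return False  # unparseable output: report it separately, do not guess
    version, protocols = parsed
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    has_ssh = bool(protocols & {"scp", "sftp"})
    return in_range and has_ssh


# Constructed sample outputs (hypothetical builds, not real captures).
SAMPLE_VULNERABLE = """curl 8.14.1 (x86_64-pc-linux-gnu) libcurl/8.14.1 OpenSSL/3.0.2 zlib/1.2.11 libssh2/1.10.0
Protocols: dict file ftp ftps http https scp sftp
Features: alt-svc AsynchDNS HTTPS-proxy IPv6 Largefile libz SSL threadsafe
"""
SAMPLE_NO_SSH = """curl 8.14.1 (x86_64-pc-linux-gnu) libcurl/8.14.1 OpenSSL/3.0.2 zlib/1.2.11
Protocols: dict file ftp ftps http https
"""
SAMPLE_FIXED = """curl 8.17.1 (x86_64-pc-linux-gnu) libcurl/8.17.1 OpenSSL/3.0.2 zlib/1.2.11 libssh2/1.10.0
Protocols: dict file ftp ftps http https scp sftp
"""
```

Distribution packages often backport fixes without bumping the libcurl version string, so a positive result from this check should be confirmed against the package changelog before treating the host as unpatched.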