Search for vulnerabilities
Vulnerability details: VCID-83qm-twsu-k3hm
Vulnerability ID VCID-83qm-twsu-k3hm
Aliases CVE-2025-4947
Summary libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-295 Improper Certificate Validation
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4947.json
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2025-4947
cvssv3.1 6.5 https://curl.se/docs/CVE-2025-4947.html
cvssv3.1 Medium https://curl.se/docs/CVE-2025-4947.html
ssvc Track https://curl.se/docs/CVE-2025-4947.html
cvssv3.1 6.5 https://curl.se/docs/CVE-2025-4947.json
ssvc Track https://curl.se/docs/CVE-2025-4947.json
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://hackerone.com/reports/3150884
ssvc Track https://hackerone.com/reports/3150884
archlinux Medium https://security.archlinux.org/AVG-2887
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4947.json
https://api.first.org/data/v1/epss?cve=CVE-2025-4947
https://curl.se/docs/CVE-2025-4947.html
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/3150884
http://www.openwall.com/lists/oss-security/2025/05/28/4
2368887 https://bugzilla.redhat.com/show_bug.cgi?id=2368887
AVG-2887 https://security.archlinux.org/AVG-2887
CVE-2025-4947 https://nvd.nist.gov/vuln/detail/CVE-2025-4947
CVE-2025-4947.json https://curl.se/docs/CVE-2025-4947.json
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4947.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://curl.se/docs/CVE-2025-4947.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:57:59Z/ Found at https://curl.se/docs/CVE-2025-4947.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://curl.se/docs/CVE-2025-4947.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:57:59Z/ Found at https://curl.se/docs/CVE-2025-4947.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://hackerone.com/reports/3150884
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:57:59Z/ Found at https://hackerone.com/reports/3150884
Exploit Prediction Scoring System (EPSS)
Percentile 0.00787
EPSS Score 0.0001
Published At May 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-05-22T23:43:16.722756+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 36.0.0