CVE-2025-10148
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-12

Last updated on: 2025-11-18

Assigner: curl

Description
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-12
Last Modified
2025-11-18
Generated
2026-05-07
AI Q&A
2025-09-12
EPSS Evaluated
2026-05-05
NVD
CVE-2025-10148
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
curl curl 8.11.0
curl curl 8.16.0
curl curl 8.15.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in curl's websocket code is that it did not update the 32-bit mask pattern for each new outgoing frame as required by the specification. Instead, it used a fixed mask that persisted throughout the entire connection. This predictable mask pattern can be exploited by a malicious server to induce traffic that a proxy might interpret as genuine HTTP traffic, leading to cache poisoning.


How can this vulnerability impact me? :

This vulnerability can allow a malicious server to poison the cache of a proxy by sending traffic that appears as legitimate HTTP content. The poisoned cache content could then be served to all users of that proxy, potentially exposing them to malicious or incorrect data.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart