{"id":"CVE-2025-4947","summary":"QUIC certificate check skip with wolfSSL","details":"libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.","aliases":["CURL-CVE-2025-4947"],"modified":"2026-05-18T05:57:31.075115472Z","published":"2025-05-28T06:29:34.974Z","related":["SUSE-SU-2025:03198-1","SUSE-SU-2025:20675-1","openSUSE-SU-2025:15176-1"],"database_specific":{"cna_assigner":"curl","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"last_affected":"8.13.0"},{"last_affected":"8.12.1"},{"last_affected":"8.12.0"},{"last_affected":"8.11.1"},{"last_affected":"8.11.0"},{"last_affected":"8.10.1"},{"last_affected":"8.10.0"},{"last_affected":"8.9.1"},{"last_affected":"8.9.0"},{"last_affected":"8.8.0"}]}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/4xxx/CVE-2025-4947.json"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/05/28/4"},{"type":"WEB","url":"https://curl.se/docs/CVE-2025-4947.html"},{"type":"WEB","url":"https://curl.se/docs/CVE-2025-4947.json"},{"type":"WEB","url":"https://hackerone.com/reports/3150884"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/4xxx/CVE-2025-4947.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-4947"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/curl/curl","events":[{"introduced":"fd567d4f06857f4fc8e2f64ea727b1318f76ad33"},{"fixed":"4dacb79fcdd9364c1083e06f6a011d797a344f47"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"8.8.0"},{"fixed":"8.14.0"}],"cpe":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*"}}],"versions":["curl-8_13_0","curl-8_12_1","curl-8_12_0","curl-8_11_1","curl-8_11_0","curl-8_10_1","curl-8_10_0","curl-8_9_1","curl-8_9_0","curl-8_8_0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-4947.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}