Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-11563

Summary
Assigner-curl
Assigner Org ID-2499f714-1537-4658-8207-48ae4bb9eae9
Published At-25 Feb, 2026 | 07:20
Updated At-25 Feb, 2026 | 18:53
Rejected At-
Credits

wcurl path traversal with percent-encoded slashes

URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:curl
Assigner Org ID:2499f714-1537-4658-8207-48ae4bb9eae9
Published At:25 Feb, 2026 | 07:20
Updated At:25 Feb, 2026 | 18:53
Rejected At:
â–¼CVE Numbering Authority (CNA)
wcurl path traversal with percent-encoded slashes

URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool.

Affected Products
Vendor
CURLcurl
Product
curl
Default Status
unaffected
Versions
Affected
  • From 8.17.0 through 8.17.0 (semver)
  • From 8.16.0 through 8.16.0 (semver)
  • From 8.15.0 through 8.15.0 (semver)
  • From 8.14.1 through 8.14.1 (semver)
  • From 8.14.0 through 8.14.0 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-35 Path Traversal
Type: N/A
CWE ID: N/A
Description: CWE-35 Path Traversal
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Stanislav Fort (Aisle Research)
remediation developer
Samuel Henrique
remediation developer
Sergio Durigan Junior
remediation developer
Xi Ruoyao
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://curl.se/docs/CVE-2025-11563.json
N/A
https://curl.se/docs/CVE-2025-11563.html
N/A
Hyperlink: https://curl.se/docs/CVE-2025-11563.json
Resource: N/A
Hyperlink: https://curl.se/docs/CVE-2025-11563.html
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2025/11/04/1
N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/11/04/1
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.14.6MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-release/2025/11/msg00504.html
release-notes
Hyperlink: https://lists.debian.org/debian-release/2025/11/msg00504.html
Resource:
release-notes
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:2499f714-1537-4658-8207-48ae4bb9eae9
Published At:25 Feb, 2026 | 08:16
Updated At:26 Feb, 2026 | 20:06

URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.6MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
CPE Matches
CURL
curl
>>wcurl>>Versions from 2024-12-08(inclusive) to 2025-11-09(exclusive)
cpe:2.3:a:curl:wcurl:*:*:*:*:*:*:*:*
CURL
haxx
>>curl>>Versions from 8.14.0(inclusive) to 8.18.0(exclusive)
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://curl.se/docs/CVE-2025-11563.html2499f714-1537-4658-8207-48ae4bb9eae9
Patch
Vendor Advisory
https://curl.se/docs/CVE-2025-11563.json2499f714-1537-4658-8207-48ae4bb9eae9
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/11/04/1af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://lists.debian.org/debian-release/2025/11/msg00504.html134c704f-9b21-4f2e-91b3-4a467353bcc0
Mailing List
Third Party Advisory
Patch
Hyperlink: https://curl.se/docs/CVE-2025-11563.html
Source: 2499f714-1537-4658-8207-48ae4bb9eae9
Resource:
Patch
Vendor Advisory
Hyperlink: https://curl.se/docs/CVE-2025-11563.json
Source: 2499f714-1537-4658-8207-48ae4bb9eae9
Resource:
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2025/11/04/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-release/2025/11/msg00504.html
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Mailing List
Third Party Advisory
Patch

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2010-3842
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.90% / 75.34%
||
7 Day CHG~0.00%
Published-27 Oct, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header.

Action-Not Available
Vendor-n/aCURL
Product-curln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-27534
Matching Score-6
Assigner-HackerOne
ShareView Details
Matching Score-6
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-0.05% / 16.89%
||
7 Day CHG~0.00%
Published-30 Mar, 2023 | 00:00
Updated-23 Apr, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.

Action-Not Available
Vendor-n/aSplunk LLC (Cisco Systems, Inc.)CURLNetApp, Inc.Fedora ProjectBroadcom Inc.
Product-universal_forwarderh500sh410s_firmwarefedorah300s_firmwareactive_iq_unified_managerh500s_firmwareh700s_firmwareh410scurlh700sh300sbrocade_fabric_operating_system_firmwarehttps://github.com/curl/curl
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-54292
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-4.8||MEDIUM
EPSS-0.06% / 19.96%
||
7 Day CHG~0.00%
Published-02 Oct, 2025 | 09:26
Updated-10 Dec, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Client-Side Path Traversal in LXD-UI

Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.

Action-Not Available
Vendor-Canonical Ltd.
Product-lxdLXD
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-3538
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.11% / 29.55%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 15:53
Updated-06 Aug, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Path Traversal Vulnerability

A vulnerability in a certain REST API endpoint of Cisco&nbsp;Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to overwrite or list arbitrary files on the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Details not found