WebSocket Vulnerability in curl Affects Multiple Versions
CVE-2025-10148

5.3MEDIUM

Key Information:

Vendor: Curl
Status: Curl
Vendor: CVE Published:; 12 September 2025

What is CVE-2025-10148?

The WebSocket implementation in curl has a vulnerability that does not update the 32-bit mask pattern for each new outgoing frame, resulting in a predictable mask. This flaw permits a malicious server to generate traffic that could be misinterpreted as legitimate HTTP traffic by proxies. Consequently, an attacker could poison the cache of such proxies, distributing manipulated content to all users. The risk of serving corrupted data underscores the necessity for immediate remedial actions to safeguard against exploitation.

Affected Version(s)

curl 8.15.0

curl 8.14.1

curl 8.14.0

References

https://curl.se/docs/CVE-2025-10148.json

https://curl.se/docs/CVE-2025-10148.html

https://hackerone.com/reports/3330839

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2025
Vulnerability Reserved
Sep 9, 2025

Credit

Calvin Ruocco (Vector Informatik GmbH)

Daniel Stenberg

JSON

Curl

What is CVE-2025-10148?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit