CVE-2025-10966

MEDIUM

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Details

CVSS v3: 4.3
NVD published: 2025-11-07 08:15:39
EPSS: <0.1% probability · 4.3th percentile — 2026-03-16
Affected versions: cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Summary: curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.
Remediation: Not available in our cache.
Exploit info: https://hackerone.com/reports/3355218

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.