Detections
Analytics

Curl 8.11.0 < 8.16.0 Predictable WebSocket Mask (CVE-2025-10148)

low Nessus Plugin ID 264604

Language:

Synopsis

The remote host has a program that is missing security update

Description

The version of Curl installed on the remote host is 8.11.0 prior to 8.16.0. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-10148 advisory.

 - curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy. (CVE-2025-10148)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade Curl to version 8.16.0 or later

See Also

https://curl.se/docs/CVE-2025-10148.html

Plugin Details

Severity: Low

ID: 264604

File Name: curl_CVE-2025-10148.nasl

Version: 1.1

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 9/12/2025

Updated: 9/12/2025

Configuration: Enable thorough checks (optional)

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.9

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2025-10148

CVSS v3

Risk Factor: Low

Base Score: 3.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Vulnerability Information

CPE: cpe:/a:haxx:curl

Required KB Items: installed_sw/Curl

Patch Publication Date: 9/10/2025

Vulnerability Publication Date: 9/10/2025

Reference Information

CVE: CVE-2025-10148

IAVA: 2025-A-0657