Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceSUSE-SU-2025:21077-1

SUSE-SU-2025:21077-1

UNKNOWN

Security update for curl

Published Nov 26, 2025

Modified 1 months ago

Fix available

Details

This update for curl fixes the following issues:

CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191)
CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348)

Other fixes:

tool_operate: fix return code when --retry is used but not triggered (bsc#1249367)

Affected Packages

curl

SUSE Linux Micro 6.2

Fixed in:

8.14.1-160000.3.1

libcurl4

SUSE Linux Micro 6.2

Fixed in:

8.14.1-160000.3.1

References

REPORThttps://bugzilla.suse.com/1249191 REPORThttps://bugzilla.suse.com/1249348 REPORThttps://bugzilla.suse.com/1249367 REPORThttps://bugzilla.suse.com/1253757 WEBhttps://www.suse.com/security/cve/CVE-2025-10148 WEBhttps://www.suse.com/security/cve/CVE-2025-11563 WEBhttps://www.suse.com/security/cve/CVE-2025-9086 ADVISORYhttps://www.suse.com/support/update/announcement/2025/suse-su-202521077-1/

Upstream

CVE-2025-10148 CVE-2025-11563 CVE-2025-9086

Related

CVE-2025-10148 CVE-2025-11563 CVE-2025-9086

Ecosystems

SUSE Linux Micro 6.2

Timeline

PublishedNov 26, 2025

ModifiedNov 26, 2025

SUSE-SU-2025:21077-1 | Mondoo Vulnerability Intelligence