predictable WebSocket mask_CVE-2025-10148

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

curl's websocket code did not update the 32 bit mask pattern for each new
outgoing frame as the specification says. Instead it used a fixed mask that
persisted and was used throughout the entire connection.

A predictable mask pattern allows for a malicious server to induce traffic
between the two communicating parties that could be interpreted by an involved
proxy (configured or transparent) as genuine, real, HTTP traffic with content
and thereby poison its cache. That cached poisoned content could then be
served to all users of that proxy.

Basic Information

ID CVE-2025-10148

Source curl

Published Sep 12, 2025 at 05:10

Modified Sep 12, 2025 at 17:17

Affected Product

Vendor curl

Product curl

Version 8.15.0

Affected Versions curl curl 8.15.0
curl curl 8.14.1
curl curl 8.14.0
curl curl 8.13.0
curl curl 8.12.1
curl curl 8.12.0
curl curl 8.11.1
curl curl 8.11.0

References

{
    "lastseen": "",
    "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.",
    "published": "2025-09-12T05:10:37.469Z",
    "modified": "2025-09-12T17:17:12.815Z",
    "type": "cve",
    "title": "predictable WebSocket mask",
    "source": "curl",
    "references": "https://curl.se/docs/CVE-2025-10148.json\nhttps://curl.se/docs/CVE-2025-10148.html\nhttps://hackerone.com/reports/3330839",
    "id": "CVE-2025-10148",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "curl curl 8.15.0\ncurl curl 8.14.1\ncurl curl 8.14.0\ncurl curl 8.13.0\ncurl curl 8.12.1\ncurl curl 8.12.0\ncurl curl 8.11.1\ncurl curl 8.11.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "curl",
    "version": "8.15.0",
    "vendor": "curl",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply