{“lastseen”:””,”description”:”When doing SSH-based transfers using either SCP or SFTP, and asked to do\\npublic key authentication, curl would wrongly still ask and authenticate using\\na locally running SSH agent.”,”published”:”2026-01-08T10:08:27.516Z”,”modified”:”2026-01-08T14:39:55.278Z”,”type”:”cve”,”title”:”libssh key passphrase bypass without agent set”,”source”:”curl”,”references”:”https:\/\/curl.se\/docs\/CVE-2025-15224.json\\nhttps:\/\/curl.se\/docs\/CVE-2025-15224.html\\nhttps:\/\/hackerone.com\/reports\/3480925″,”id”:”CVE-2025-15224″,”bulletinFamily”:””,”cwe”:[“CWE-287″],”cvelist”:null,”sourceData”:”curl curl 8.17.0\\ncurl curl 8.16.0\\ncurl curl 8.15.0\\ncurl curl 8.14.1\\ncurl curl 8.14.0\\ncurl curl 8.13.0\\ncurl curl 8.12.1\\ncurl curl 8.12.0\\ncurl curl 8.11.1\\ncurl curl 8.11.0\\ncurl curl 8.10.1\\ncurl curl 8.10.0\\ncurl curl 8.9.1\\ncurl curl 8.9.0\\ncurl curl 8.8.0\\ncurl curl 8.7.1\\ncurl curl 8.7.0\\ncurl curl 8.6.0\\ncurl curl 8.5.0\\ncurl curl 8.4.0\\ncurl curl 8.3.0\\ncurl curl 8.2.1\\ncurl curl 8.2.0\\ncurl curl 8.1.2\\ncurl curl 8.1.1\\ncurl curl 8.1.0\\ncurl curl 8.0.1\\ncurl curl 8.0.0\\ncurl curl 7.88.1\\ncurl curl 7.88.0\\ncurl curl 7.87.0\\ncurl curl 7.86.0\\ncurl curl 7.85.0\\ncurl curl 7.84.0\\ncurl curl 7.83.1\\ncurl curl 7.83.0\\ncurl curl 7.82.0\\ncurl curl 7.81.0\\ncurl curl 7.80.0\\ncurl curl 7.79.1\\ncurl curl 7.79.0\\ncurl curl 7.78.0\\ncurl curl 7.77.0\\ncurl curl 7.76.1\\ncurl curl 7.76.0\\ncurl curl 7.75.0\\ncurl curl 7.74.0\\ncurl curl 7.73.0\\ncurl curl 7.72.0\\ncurl curl 7.71.1\\ncurl curl 7.71.0\\ncurl curl 7.70.0\\ncurl curl 7.69.1\\ncurl curl 7.69.0\\ncurl curl 7.68.0\\ncurl curl 7.67.0\\ncurl curl 7.66.0\\ncurl curl 7.65.3\\ncurl curl 7.65.2\\ncurl curl 7.65.1\\ncurl curl 7.65.0\\ncurl curl 7.64.1\\ncurl curl 7.64.0\\ncurl curl 7.63.0\\ncurl curl 7.62.0\\ncurl curl 7.61.1\\ncurl curl 7.61.0\\ncurl curl 7.60.0\\ncurl curl 7.59.0\\ncurl curl 7.58.0″,”sourceHref”:””,”cvss”:{“score”:3.1,”severity”:”LOW”,”vector”:”CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”curl”,”version”:”8.17.0″,”vendor”:”curl”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”When doing SSH-based transfers using either SCP or SFTP, and asked to do\\npublic key authentication, curl would wrongly still ask and authenticate using\\na locally running…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,133,12,71,13,7,11,5],"class_list":["post-34633","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-31","tag-exploit","tag-low","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n