CVE-2025-10966: missing SFTP host verification with wolfSSH

Overview

Severity

Medium (CVSS 6.8)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Exploit Status

Not Exploited

Patch Tuesday

2025-Nov

Released

2025-11-08

Last Updated

2026-03-10

EPSS Score

0.02% (percentile: 5.3%)

Affected Products (15)

Other

• 20563-17084
• 20620-17084
• 17667-17084
• 20610-17086
• 20692-17086
• 20870-17086
• 20974-17084
• 20562-17084
• 20529-17086
• 20542-17086
• 19668-17086
• 20872-17084

Open Source Software

• azl3 rust 1.75.0-21 on Azure Linux 3.0
• cbl2 rust 1.72.0-11 on CBL Mariner 2.0
• azl3 rust 1.86.0-9 on Azure Linux 3.0

Revision History

• 2025-11-08: Information published.
• 2025-12-06: Information published.
• 2026-02-18: Information published.
• 2026-03-04: Information published.
• 2026-03-10: Information published.