CVE-2025-11563

medium

Red Hat

CVSS v3 Base Score

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS Score

0.0%

Exploitation probability in 30 days

Top 94% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Confidentiality

Low

Integrity

Low

Availability

Low

Published: February 25, 2026 (78 days ago)

Last Modified: February 25, 2026

Vendor: Red Hat

Description

URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool.

CWE

CWE-22

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 www.openwall.com 🔗 curl.se

CVE-2025-11563

Vulnerability Report

Description

CWE

References