CVE-2025-13034 — MEDIUM (5.9)

Q: How severe is CVE-2025-13034?

CVE-2025-13034 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-13034?

Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl.

Vulnerability Description

When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Haxx	Curl	>= 8.8.0, < 8.18.0

Related Weaknesses (CWE)

CWE-295

References

https://curl.se/docs/CVE-2025-13034.htmlVendor AdvisoryPatch
https://curl.se/docs/CVE-2025-13034.jsonVendor Advisory

FAQ

What is CVE-2025-13034?

CVE-2025-13034 is a vulnerability with a CVSS score of 5.9 (MEDIUM). When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped i...

How severe is CVE-2025-13034?

CVE-2025-13034 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-13034?

Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl.