Vulnerability-Lookup

MSRC_CVE-2025-10148

Vulnerability from csaf_microsoft - Published: 2025-09-02 00:00 - Updated: 2026-02-18 01:18

Summary

predictable WebSocket mask

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-10148 predictable WebSocket mask - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-10148.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "predictable WebSocket mask",
    "tracking": {
      "current_release_date": "2026-02-18T01:18:21.000Z",
      "generator": {
        "date": "2026-02-18T08:13:03.997Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-10148",
      "initial_release_date": "2025-09-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-09-11T01:01:33.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-02-18T01:18:21.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 curl 8.11.1-3",
                "product": {
                  "name": "\u003cazl3 curl 8.11.1-3",
                  "product_id": "12"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 curl 8.11.1-3",
                "product": {
                  "name": "azl3 curl 8.11.1-3",
                  "product_id": "19252"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 curl 8.8.0-7",
                "product": {
                  "name": "\u003ccbl2 curl 8.8.0-7",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 curl 8.8.0-7",
                "product": {
                  "name": "cbl2 curl 8.8.0-7",
                  "product_id": "20542"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 curl 8.11.1-4",
                "product": {
                  "name": "\u003cazl3 curl 8.11.1-4",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 curl 8.11.1-4",
                "product": {
                  "name": "azl3 curl 8.11.1-4",
                  "product_id": "20562"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 curl 8.8.0-6",
                "product": {
                  "name": "\u003ccbl2 curl 8.8.0-6",
                  "product_id": "9"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 curl 8.8.0-6",
                "product": {
                  "name": "cbl2 curl 8.8.0-6",
                  "product_id": "19799"
                }
              }
            ],
            "category": "product_name",
            "name": "curl"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "cbl2 mysql 8.0.43-1",
                "product": {
                  "name": "cbl2 mysql 8.0.43-1",
                  "product_id": "5"
                }
              }
            ],
            "category": "product_name",
            "name": "mysql"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 cmake 3.30.3-9",
                "product": {
                  "name": "\u003cazl3 cmake 3.30.3-9",
                  "product_id": "8"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 cmake 3.30.3-9",
                "product": {
                  "name": "azl3 cmake 3.30.3-9",
                  "product_id": "20416"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 cmake 3.30.3-10",
                "product": {
                  "name": "\u003cazl3 cmake 3.30.3-10",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 cmake 3.30.3-10",
                "product": {
                  "name": "azl3 cmake 3.30.3-10",
                  "product_id": "20563"
                }
              }
            ],
            "category": "product_name",
            "name": "cmake"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "cbl2 rust 1.72.0-10",
                "product": {
                  "name": "cbl2 rust 1.72.0-10",
                  "product_id": "10"
                }
              }
            ],
            "category": "product_name",
            "name": "rust"
          },
          {
            "category": "product_name",
            "name": "azl3 rust 1.75.0-18",
            "product": {
              "name": "azl3 rust 1.75.0-18",
              "product_id": "6"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 rust 1.86.0-6",
            "product": {
              "name": "azl3 rust 1.86.0-6",
              "product_id": "7"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 tensorflow 2.16.1-9",
            "product": {
              "name": "azl3 tensorflow 2.16.1-9",
              "product_id": "13"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 mysql 8.0.43-1",
            "product": {
              "name": "azl3 mysql 8.0.43-1",
              "product_id": "4"
            }
          },
          {
            "category": "product_name",
            "name": "cbl2 mysql 8.0.43-1",
            "product": {
              "name": "cbl2 mysql 8.0.43-1",
              "product_id": "11"
            }
          },
          {
            "category": "product_name",
            "name": "cbl2 rust 1.72.0-10",
            "product": {
              "name": "cbl2 rust 1.72.0-10",
              "product_id": "14"
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 curl 8.11.1-3 as a component of Azure Linux 3.0",
          "product_id": "17084-12"
        },
        "product_reference": "12",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 curl 8.11.1-3 as a component of Azure Linux 3.0",
          "product_id": "19252-17084"
        },
        "product_reference": "19252",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rust 1.75.0-18 as a component of Azure Linux 3.0",
          "product_id": "17084-6"
        },
        "product_reference": "6",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rust 1.86.0-6 as a component of Azure Linux 3.0",
          "product_id": "17084-7"
        },
        "product_reference": "7",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 tensorflow 2.16.1-9 as a component of Azure Linux 3.0",
          "product_id": "17084-13"
        },
        "product_reference": "13",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 curl 8.8.0-7 as a component of CBL Mariner 2.0",
          "product_id": "17086-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 curl 8.8.0-7 as a component of CBL Mariner 2.0",
          "product_id": "20542-17086"
        },
        "product_reference": "20542",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 curl 8.11.1-4 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 curl 8.11.1-4 as a component of Azure Linux 3.0",
          "product_id": "20562-17084"
        },
        "product_reference": "20562",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 curl 8.8.0-6 as a component of CBL Mariner 2.0",
          "product_id": "17086-9"
        },
        "product_reference": "9",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 curl 8.8.0-6 as a component of CBL Mariner 2.0",
          "product_id": "19799-17086"
        },
        "product_reference": "19799",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 mysql 8.0.43-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-5"
        },
        "product_reference": "5",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 cmake 3.30.3-9 as a component of Azure Linux 3.0",
          "product_id": "17084-8"
        },
        "product_reference": "8",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 cmake 3.30.3-9 as a component of Azure Linux 3.0",
          "product_id": "20416-17084"
        },
        "product_reference": "20416",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 rust 1.72.0-10 as a component of CBL Mariner 2.0",
          "product_id": "17086-10"
        },
        "product_reference": "10",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 mysql 8.0.43-1 as a component of Azure Linux 3.0",
          "product_id": "17084-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 mysql 8.0.43-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-11"
        },
        "product_reference": "11",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 rust 1.72.0-10 as a component of CBL Mariner 2.0",
          "product_id": "17086-14"
        },
        "product_reference": "14",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 cmake 3.30.3-10 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 cmake 3.30.3-10 as a component of Azure Linux 3.0",
          "product_id": "20563-17084"
        },
        "product_reference": "20563",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-10148",
      "flags": [
        {
          "label": "component_not_present",
          "product_ids": [
            "17084-13",
            "17086-11"
          ]
        },
        {
          "label": "vulnerable_code_not_in_execute_path",
          "product_ids": [
            "17084-6",
            "17084-7",
            "17086-14"
          ]
        },
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "17084-4"
          ]
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "curl",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "19252-17084",
          "20542-17086",
          "20562-17084",
          "19799-17086",
          "20416-17084",
          "20563-17084"
        ],
        "known_affected": [
          "17084-12",
          "17086-3",
          "17084-2",
          "17086-9",
          "17086-5",
          "17084-8",
          "17086-10",
          "17084-1"
        ],
        "known_not_affected": [
          "17084-6",
          "17084-7",
          "17084-13",
          "17084-4",
          "17086-11",
          "17086-14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-10148 predictable WebSocket mask - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-10148.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2025-09-11T01:01:33.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-5"
          ]
        },
        {
          "category": "none_available",
          "date": "2025-09-11T01:01:33.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-10"
          ]
        },
        {
          "category": "vendor_fix",
          "date": "2025-09-11T01:01:33.000Z",
          "details": "8.11.1-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-12",
            "17084-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2025-09-11T01:01:33.000Z",
          "details": "8.8.0-7:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-3",
            "17086-9"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2025-09-11T01:01:33.000Z",
          "details": "3.30.3-10:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-8",
            "17084-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "17084-12",
            "17086-3",
            "17084-2",
            "17086-9",
            "17086-5",
            "17084-8",
            "17086-10",
            "17084-1"
          ]
        }
      ],
      "title": "predictable WebSocket mask"
    }
  ]
}

CVE-2025-10148 (GCVE-0-2025-10148)

Vulnerability from cvelistv5 – Published: 2025-09-12 05:10 – Updated: 2025-11-18 20:05

Title

predictable WebSocket mask

Summary

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-340 Generation of Predictable Numbers or Identifiers

Assigner

curl

References

URL

Tags

	https://curl.se/docs/CVE-2025-10148.json
	https://curl.se/docs/CVE-2025-10148.html
	https://hackerone.com/reports/3330839

Impacted products

	Vendor	Product	Version
	curl	curl	Affected: 8.15.0 , ≤ 8.15.0 (semver) Affected: 8.14.1 , ≤ 8.14.1 (semver) Affected: 8.14.0 , ≤ 8.14.0 (semver) Affected: 8.13.0 , ≤ 8.13.0 (semver) Affected: 8.12.1 , ≤ 8.12.1 (semver) Affected: 8.12.0 , ≤ 8.12.0 (semver) Affected: 8.11.1 , ≤ 8.11.1 (semver) Affected: 8.11.0 , ≤ 8.11.0 (semver)

Credits

Calvin Ruocco (Vector Informatik GmbH) Daniel Stenberg

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10148",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-12T17:16:46.486840Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-12T17:17:12.815Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-18T20:05:32.822Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/09/10/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/09/10/3"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/09/10/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "curl",
          "vendor": "curl",
          "versions": [
            {
              "lessThanOrEqual": "8.15.0",
              "status": "affected",
              "version": "8.15.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.14.1",
              "status": "affected",
              "version": "8.14.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.14.0",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.13.0",
              "status": "affected",
              "version": "8.13.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12.1",
              "status": "affected",
              "version": "8.12.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12.0",
              "status": "affected",
              "version": "8.12.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.11.1",
              "status": "affected",
              "version": "8.11.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.11.0",
              "status": "affected",
              "version": "8.11.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Calvin Ruocco (Vector Informatik GmbH)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Daniel Stenberg"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "curl\u0027s websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-340 Generation of Predictable Numbers or Identifiers",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-12T05:10:37.469Z",
        "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "shortName": "curl"
      },
      "references": [
        {
          "name": "json",
          "url": "https://curl.se/docs/CVE-2025-10148.json"
        },
        {
          "name": "www",
          "url": "https://curl.se/docs/CVE-2025-10148.html"
        },
        {
          "name": "issue",
          "url": "https://hackerone.com/reports/3330839"
        }
      ],
      "title": "predictable WebSocket mask"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
    "assignerShortName": "curl",
    "cveId": "CVE-2025-10148",
    "datePublished": "2025-09-12T05:10:37.469Z",
    "dateReserved": "2025-09-09T03:45:41.908Z",
    "dateUpdated": "2025-11-18T20:05:32.822Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

MSRC_CVE-2025-10148

CVE-2025-10148 (GCVE-0-2025-10148)

Tags

Sightings

Nomenclature