CVE-2025-0665

HIGH 7.0

eventfd double close

CVSS Score

7.0

EPSS Score

0.0%

EPSS Percentile

0th

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

Vendor	curl
Product	curl
Published	Feb 5, 2025
Last Updated	Mar 17, 2026

Stay Ahead of the Next One

Get instant alerts for curl curl

Be the first to know when new high vulnerabilities affecting curl curl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

curl / curl

8.11.1 ≤ 8.11.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

curl.se: https://curl.se/docs/CVE-2025-0665.json curl.se: https://curl.se/docs/CVE-2025-0665.html hackerone.com: https://hackerone.com/reports/2954286 openwall.com: http://www.openwall.com/lists/oss-security/2025/02/05/2 openwall.com: http://www.openwall.com/lists/oss-security/2025/02/05/5 security.netapp.com: https://security.netapp.com/advisory/ntap-20250306-0007/

Credits

Christian Heusel Andy Pan