- CVE ID
- CVE-2025-15224
- CVE Description
- When doing SSH-based transfers using either SCP or SFTP, and asked to do
public key authentication, curl would wrongly still ask and authenticate using
a locally running SSH agent.
- Published
- Jan 13, 2026
- CVSS Score & Severity
3.1Low
- CVSS Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
- EPSS Score
- 0.084%
- KEV Status
Not in KEV Catalog: No known exploits
- Source
- National Vulnerability Database
