Share via

Is the latest curl vulnerability "Curl < 8.12.0 Double Close (CVE-2025-0665)" fixed in the Feb 2025 patches?

Sinsi P A 25 Reputation points
2025-02-26T09:57:24.41+00:00

Our Windows servers has been notified with the curl vulnerability "Curl < 8.12.0 Double Close (CVE-2025-0665)". We have applied the Feb month OS patches already. But it did not fix the vuln. Is MS planning to release the fix soon in their next releases?

Windows for business | Windows Server | Devices and deployment | Install Windows updates, features, or roles

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2025-02-27T06:16:44.1266667+00:00

    Hello,

    Thank you for posting in Microsoft Q&A.

    Based on the description, I understand your question is related to vulnerability.

    There is no Microsoft official announcement yet, try keep an eye on upcoming patch notes and security advisories from Microsoft for any updates regarding this issue.

    To mitigate this vulnerability, you can take one of the following actions:

    Upgrade curl and libcurl to version 8.12.0 or later.

    Apply the patch to your current version and rebuild.

    Disable eventfd use in your build.

    Use the c-ares resolver backend

    Have a nice day.

    Best Regards,

    Molly

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it

  2. Harshit Tyagi 0 Reputation points
    2025-04-30T10:10:36.4666667+00:00

    Hello @Anonymous , As per https://curl.se/docs/vuln-8.12.0.html , Latest version curl was released on 5th Feb 2025 , Do you have any update on upcoming patch in May since it is not available in April patch

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.