Is the latest curl vulnerability "Curl < 8.12.0 Double Close (CVE-2025-0665)" fixed in the Feb 2025 patches?

Sinsi P A 25 Reputation points
2025-02-26T09:57:24.41+00:00

Our Windows servers have been notified with the curl vulnerability "Curl < 8.12.0 Double Close (CVE-2025-0665)". We have already applied the February OS patches, but they did not fix the vulnerability. Is MS planning to release the fix soon in their next releases?


1 answer

  1. Molly Lu-MSFT 2,586 Reputation points Microsoft External Staff
    2025-02-27T06:16:44.1266667+00:00

    Hello,

    Thank you for posting in Microsoft Q&A.

    Based on the description, I understand your question is related to vulnerability.

    There is no official Microsoft announcement yet; try to keep an eye on upcoming patch notes and security advisories from Microsoft for any updates regarding this issue.

    To mitigate this vulnerability, you can take one of the following actions:

    - Upgrade curl and libcurl to version 8.12.0 or later.
    - Apply the patch to your current version and rebuild.
    - Disable eventfd use in your build.
    - Use the c-ares resolver backend.

    Have a nice day.

    Best Regards,

    Molly

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it
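
To see which curl and libcurl binaries a server actually carries after patching, the following inventory script compares each copy against the 8.12.0 release named in the answer. It is an added example, not part of the original thread and not Microsoft tooling. The search roots are assumptions, and it assumes the binaries carry a Windows version resource; copies without one are reported as `unknown`.

```powershell
# Added example: inventory curl.exe / libcurl DLLs and compare with 8.12.0.
# Reads the PE version resource only; no discovered binary is executed.
$FixedVersion = [version]'8.12.0'

# Assumed search roots. Add application directories that bundle their own curl.
$SearchRoots = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\SysWOW64",
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ -and (Test-Path $_) }

function Get-BinaryVersion {
    param([Parameter(Mandatory)][string]$Path)
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # A file without a version resource reports 0.0.0; treat that as unknown.
    if (($vi.FileMajorPart + $vi.FileMinorPart + $vi.FileBuildPart) -eq 0) {
        return $null
    }
    return [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
}

$results = foreach ($root in $SearchRoots) {
    Get-ChildItem -Path $root -Include 'curl.exe', 'libcurl*.dll' -Recurse -File `
        -ErrorAction SilentlyContinue |
        ForEach-Object {
            $v = Get-BinaryVersion -Path $_.FullName
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Path     = $_.FullName
                Version  = $v
                Status   = if (-not $v) { 'unknown' }
                           elseif ($v -lt $FixedVersion) { 'below 8.12.0' }
                           else { '8.12.0 or later' }
            }
        }
}

# Copies below the fixed release are the ones a version-based scanner will report.
$results | Sort-Object Status, Path | Format-Table -AutoSize
```

Run it from an elevated prompt so protected directories are readable. A copy listed under an application directory is updated by that application's vendor rather than by Windows Update.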

