CVE-2025-11563

Discovered by AISLEPUBLISHEDPath traversal

Description

Crafted URL with %2F / %5C can make wcurl save outside the intended directory; can overwrite arbitrary files accessible to the user, but no direct code exec. Vendor severity “Moderate / Medium”

CVSS Base Scores

CVSS v3.1(Primary)

7.5

Affected Products

Vendor	Product	Version	Status
Unknown	wcurl (WebUSB curl helper)	—	—

References

https://curl.se/docs/CVE-2025-11563.html