CVE-2025-14524

🔶 medium

Summary

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

CVSS Score

5.3

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-01-08

First Seen: 2026-01-17

Last Modified 2026-01-20

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE IDs (Weakness Types)

CWE-601

🔗 References 4

https://curl.se/docs/CVE-2025-14524.html

Vendor Advisory Patch

https://curl.se/docs/CVE-2025-14524.json

Vendor Advisory

https://hackerone.com/reports/3459417

Exploit Issue Tracking Third Party Advisory

http://www.openwall.com/lists/oss-security/2026/01/07/4

Mailing List Third Party Advisory Patch

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
haxx	curl	Affected	≥ 7.33.0 < 8.18.0

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-13034	🔶 medium	5.9	0.0	When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the pu...	2026-01-08
CVE-2025-14017	🔶 medium	6.3	0.0	When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadver...	2026-01-08
CVE-2025-14819	🔶 medium	5.3	0.0	When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option...	2026-01-08
CVE-2025-15079	🔶 medium	5.3	0.0	When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenl...	2026-01-08
CVE-2025-15224	ℹ️ low	3.1	0.1	When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly s...	2026-01-08
CVE-2025-10966	🔶 medium	4.3	0.0	curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host...	2025-11-07

These CVEs affect the same products