CVE-2025-14524

MEDIUM · EPSS 44.8%
Published Jan 8, 2026 (5mo ago) · Modified Jun 17, 2026 (1w ago)
5.3 CVSS 3.1
Medium

Description

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

CVSS Details

Base Score
5.3
Exploitability
1.6
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
44.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses (1)

CWE-601

Affected Products (1)

Vendor   Product   Version   Range
haxx     curl      *         ≥7.33.0 – <8.18.0

References (4)

  • openwall.com http://www.openwall.com/lists/oss-security/2026/01/07/4
    Mailing List, Patch, Third Party Advisory
  • curl.se https://curl.se/docs/CVE-2025-14524.html
    Patch, Vendor Advisory
  • curl.se https://curl.se/docs/CVE-2025-14524.json
    Vendor Advisory
  • hackerone.com https://hackerone.com/reports/3459417
    Exploit, Issue Tracking, Third Party Advisory

Remediation

  • openwall.com http://www.openwall.com/lists/oss-security/2026/01/07/4
    Mailing List, Patch, Third Party Advisory
  • curl.se https://curl.se/docs/CVE-2025-14524.html
    Patch, Vendor Advisory