CVE-2025-14017

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-14017
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://curl.se/docs/CVE-2025-14017.html Vendor Advisory
https://curl.se/docs/CVE-2025-14017.json Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/01/07/3 Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
History

17 Jun 2026, 08:35

Type Values Removed Values Added
Summary
  • (es) Al realizar transferencias LDAPS multihilo (LDAP sobre TLS) con libcurl, cambiar las opciones TLS en un hilo las cambiaría globalmente de forma inadvertida y, por lo tanto, posiblemente también afectaría a otras transferencias configuradas de forma concurrente. Deshabilitar la verificación de certificados para una transferencia específica podría deshabilitar la función involuntariamente para otros hilos también.

27 Jan 2026, 21:29

Type Values Removed Values Added
First Time Haxx curl
Haxx
References () https://curl.se/docs/CVE-2025-14017.html - () https://curl.se/docs/CVE-2025-14017.html - Vendor Advisory
References () https://curl.se/docs/CVE-2025-14017.json - () https://curl.se/docs/CVE-2025-14017.json - Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2026/01/07/3 - () http://www.openwall.com/lists/oss-security/2026/01/07/3 - Mailing List, Third Party Advisory
CPE cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other

16 Jan 2026, 16:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.3

08 Jan 2026, 11:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2026/01/07/3 -

08 Jan 2026, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2026-01-08 10:15

Updated : 2026-06-17 08:35

NVD link : CVE-2025-14017

Mitre link : CVE-2025-14017

CVE.ORG link : CVE-2025-14017

JSON object : View

Products Affected

haxx

  • curl
CWE
NVD-CWE-Other