CVE-2025-14524

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-14524
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://curl.se/docs/CVE-2025-14524.html Patch Vendor Advisory
https://curl.se/docs/CVE-2025-14524.json Vendor Advisory
https://hackerone.com/reports/3459417 Exploit Issue Tracking Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/01/07/4 Mailing List Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
History

17 Jun 2026, 08:36

Type Values Removed Values Added
References () https://curl.se/docs/CVE-2025-14524.html - Vendor Advisory, Patch () https://curl.se/docs/CVE-2025-14524.html - Patch, Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2026/01/07/4 - Mailing List, Third Party Advisory, Patch () http://www.openwall.com/lists/oss-security/2026/01/07/4 - Mailing List, Patch, Third Party Advisory
Summary
  • (es) Cuando se utiliza un token portador de OAuth2 para una transferencia HTTP(S), y esa transferencia realiza una redirección entre protocolos a una segunda URL que utiliza un esquema IMAP, LDAP, POP3 o SMTP, curl podría pasar erróneamente el token portador al nuevo host de destino.

20 Jan 2026, 14:53

Type Values Removed Values Added
CPE cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
First Time Haxx curl
Haxx
CWE CWE-601
References () https://curl.se/docs/CVE-2025-14524.html - () https://curl.se/docs/CVE-2025-14524.html - Vendor Advisory, Patch
References () https://curl.se/docs/CVE-2025-14524.json - () https://curl.se/docs/CVE-2025-14524.json - Vendor Advisory
References () https://hackerone.com/reports/3459417 - () https://hackerone.com/reports/3459417 - Exploit, Issue Tracking, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2026/01/07/4 - () http://www.openwall.com/lists/oss-security/2026/01/07/4 - Mailing List, Third Party Advisory, Patch

09 Jan 2026, 20:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3

08 Jan 2026, 11:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2026/01/07/4 -

08 Jan 2026, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2026-01-08 10:15

Updated : 2026-06-17 08:36

NVD link : CVE-2025-14524

Mitre link : CVE-2025-14524

CVE.ORG link : CVE-2025-14524

JSON object : View

Products Affected

haxx

  • curl
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')