When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer
performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP,
POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new
target host.
References
| Link | Resource |
|---|---|
| https://curl.se/docs/CVE-2025-14524.html | Vendor Advisory Patch |
| https://curl.se/docs/CVE-2025-14524.json | Vendor Advisory |
| https://hackerone.com/reports/3459417 | Exploit Issue Tracking Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2026/01/07/4 | Mailing List Third Party Advisory Patch |
Configurations
History
20 Jan 2026, 14:53
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* | |
| First Time |
Haxx curl
Haxx |
|
| CWE | CWE-601 | |
| References | () https://curl.se/docs/CVE-2025-14524.html - Vendor Advisory, Patch | |
| References | () https://curl.se/docs/CVE-2025-14524.json - Vendor Advisory | |
| References | () https://hackerone.com/reports/3459417 - Exploit, Issue Tracking, Third Party Advisory | |
| References | () http://www.openwall.com/lists/oss-security/2026/01/07/4 - Mailing List, Third Party Advisory, Patch |
09 Jan 2026, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
08 Jan 2026, 11:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
08 Jan 2026, 10:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-08 10:15
Updated : 2026-01-20 14:53
NVD link : CVE-2025-14524
Mitre link : CVE-2025-14524
CVE.ORG link : CVE-2025-14524
JSON object : View
Products Affected
haxx
- curl
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')