CVE-2025-14524

CWE: CWE-601 Open Redirect, CWE-201
Coverage: 12 documents, 10 sources

Severity: 5.3 MEDIUM
EPSS: 0.0% (top 92.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: (see Affected Packages below)

Timeline
Published: Jan 8
Latest update: Mar 11

Description

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.6 | Impact: 3.6

Affected Packages (3 packages)

Source      | Package    | Version information
------------|------------|--------------------------
NVD         | haxx/curl  | 7.33.0 to 8.18.0
Debian      | curl       | < 8.18.0~rc2-1
CVEListV5   | curl/curl  | 8.17.0 to 8.17.0+106

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-g897-jvjx-78vg: When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, L (2026-01-08)
OSV: CVE-2025-14524: When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, L (2026-01-08)
CVEList: bearer token leak on cross-protocol redirect (2026-01-08)

📋 Vendor Advisories (3)

Ubuntu: curl vulnerabilities (2026-02-25)
Red Hat: curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token (2026-01-07)
Debian: CVE-2025-14524: curl - When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer p... (2025)

🕵️ Threat Intelligence (1)

Wiz: CVE-2025-14524 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (4)

HackerOne: CVE-2026-3783: token leak with redirect and netrc (2026-03-11)
HackerOne: libcurl: Improper Authentication State Management on Cross-Protocol Redirects (2026-01-17)
HackerOne: CVE-2025-14524: bearer token leak on cross-protocol redirect (2026-01-07)
Bugzilla: CVE-2025-14524 curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token (2025-12-31)
CVE-2025-14524 (MEDIUM CVSS 5.3) | When an OAuth2 bearer token is used | cvebase.io