CVE-2025-14017
MEDIUM
curl 7.17.0-8.17.0 - Unauthenticated TLS Certificate Verification Bypass via Multi-threaded LDAPS Transfers
Title source: llm
Description
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other transfers being set up concurrently. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.
References (3)
Core References
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/01/07/3
Vendor Advisory
https://curl.se/docs/CVE-2025-14017.json
Vendor Advisory
https://curl.se/docs/CVE-2025-14017.html
Scores
CVSS v3: 6.3
EPSS: 0.0000
EPSS Percentile: 0.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
Status: published
Products (50)
curl/curl 7.17.0
curl/curl 7.17.1
curl/curl 7.18.0
curl/curl 7.18.1
curl/curl 7.18.2
curl/curl 7.19.0
curl/curl 7.19.1
curl/curl 7.19.2
curl/curl 7.19.3
curl/curl 7.19.4
... and 40 more
Published: Jan 08, 2026
Tracked Since: Feb 18, 2026