CVE-2025-14524
Severity: MEDIUM
curl Cross-Protocol Redirect - OAuth2 Bearer Token Disclosure
Title source: manual
Description
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
References (4)
Core References
Vendor Advisory, Patch
https://curl.se/docs/CVE-2025-14524.html
Vendor Advisory
https://curl.se/docs/CVE-2025-14524.json
Exploit, Issue Tracking, Third Party Advisory
https://hackerone.com/reports/3459417
Mailing List, Third Party Advisory, Patch
http://www.openwall.com/lists/oss-security/2026/01/07/4
Scores
CVSS v3
5.3
EPSS
0.0061
EPSS Percentile
44.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (50)
curl/curl 7.33.0
curl/curl 7.34.0
curl/curl 7.35.0
curl/curl 7.36.0
curl/curl 7.37.0
curl/curl 7.37.1
curl/curl 7.38.0
curl/curl 7.39.0
curl/curl 7.40.0
curl/curl 7.41.0
... and 40 more
Published
Jan 08, 2026
Tracked Since
Feb 18, 2026