CVE-2025-14819
MEDIUMcurl 7.87.0-8.17.9 - Improper Certificate Validation via Cached CA Store Reuse
Title source: llmDescription
When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.
References (3)
Core 3
Core References
Vendor Advisory, Mitigation, Patch
https://curl.se/docs/CVE-2025-14819.html
Vendor Advisory
https://curl.se/docs/CVE-2025-14819.json
Mailing List, Third Party Advisory, Mitigation, Patch
http://www.openwall.com/lists/oss-security/2026/01/07/5
Scores
CVSS v3
5.3
EPSS
0.0063
EPSS Percentile
45.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-295
Status
published
Products (1)
haxx/curl
7.87.0 - 8.18.0
Published
Jan 08, 2026
Tracked Since
Feb 18, 2026