Back to search
CVE-2025-14524
Published: Jan 8, 2026
Modified: Apr 2, 2026
PUBLISHED
Description
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
| Vendor | Product | Versions |
|---|---|---|
curl | curl | affected 8.17.0 - <= 8.17.0affected 8.16.0 - <= 8.16.0affected 8.15.0 - <= 8.15.0affected 8.14.1 - <= 8.14.1affected 8.14.0 - <= 8.14.0+102 more versions |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now