CVE-2025-14524 - Vulnerability Details - OpenCVE

ReportizFlow

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Curl	Curl

No data.

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2026/01/07/4
https://curl.se/docs/CVE-2025-14524.html
https://curl.se/docs/CVE-2025-14524.json
https://hackerone.com/reports/3459417

History

Fri, 09 Jan 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 09 Jan 2026 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Curl Curl curl
Vendors & Products		Curl Curl curl

Thu, 08 Jan 2026 11:30:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2026/01/07/4

Thu, 08 Jan 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
Title		bearer token leak on cross-protocol redirect
References		https://curl.se/docs/CVE-2025-14524.html https://curl.se/docs/CVE-2025-14524.json https://hackerone.com/reports/3459417

MITRE

Status: PUBLISHED

Assigner: curl

Published: 2026-01-08T10:07:25.655Z

Updated: 2026-01-09T19:25:30.460Z

Reserved: 2025-12-11T08:04:14.328Z

Link: CVE-2025-14524

Vulnrichment

Updated: 2026-01-08T11:06:18.117Z

NVD

Status : Awaiting Analysis

Published: 2026-01-08T10:15:46.607

Modified: 2026-01-09T20:15:51.243

Link: CVE-2025-14524

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14524", "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "state": "PUBLISHED", "assignerShortName": "curl", "dateReserved": "2025-12-11T08:04:14.328Z", "datePublished": "2026-01-08T10:07:25.655Z", "dateUpdated": "2026-01-09T19:25:30.460Z"}, "containers": {"cna": {"title": "bearer token leak on cross-protocol redirect", "descriptions": [{"lang": "en", "value": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host."}], "providerMetadata": {"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "shortName": "curl", "dateUpdated": "2026-01-08T10:07:25.655Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-522 Insufficiently Protected Credentials"}]}], "affected": [{"vendor": "curl", "product": "curl", "versions": [{"version": "8.17.0", "status": "affected", "lessThanOrEqual": "8.17.0", "versionType": "semver"}, {"version": "8.16.0", "status": "affected", "lessThanOrEqual": "8.16.0", "versionType": "semver"}, {"version": "8.15.0", "status": "affected", "lessThanOrEqual": "8.15.0", "versionType": "semver"}, {"version": "8.14.1", "status": "affected", "lessThanOrEqual": "8.14.1", "versionType": "semver"}, {"version": "8.14.0", "status": "affected", "lessThanOrEqual": "8.14.0", "versionType": "semver"}, {"version": "8.13.0", "status": "affected", "lessThanOrEqual": "8.13.0", "versionType": "semver"}, {"version": "8.12.1", "status": "affected", "lessThanOrEqual": "8.12.1", "versionType": "semver"}, {"version": "8.12.0", "status": "affected", "lessThanOrEqual": "8.12.0", "versionType": "semver"}, {"version": "8.11.1", "status": "affected", "lessThanOrEqual": "8.11.1", "versionType": "semver"}, {"version": "8.11.0", "status": "affected", "lessThanOrEqual": "8.11.0", "versionType": "semver"}, {"version": "8.10.1", "status": "affected", "lessThanOrEqual": "8.10.1", "versionType": "semver"}, {"version": "8.10.0", "status": "affected", "lessThanOrEqual": "8.10.0", "versionType": "semver"}, {"version": "8.9.1", "status": "affected", "lessThanOrEqual": "8.9.1", "versionType": "semver"}, {"version": "8.9.0", "status": "affected", "lessThanOrEqual": "8.9.0", "versionType": "semver"}, {"version": "8.8.0", "status": "affected", "lessThanOrEqual": "8.8.0", "versionType": "semver"}, {"version": "8.7.1", "status": "affected", "lessThanOrEqual": "8.7.1", "versionType": "semver"}, {"version": "8.7.0", "status": "affected", "lessThanOrEqual": "8.7.0", "versionType": "semver"}, {"version": "8.6.0", "status": "affected", "lessThanOrEqual": "8.6.0", "versionType": "semver"}, {"version": "8.5.0", "status": "affected", "lessThanOrEqual": "8.5.0", "versionType": "semver"}, {"version": "8.4.0", "status": "affected", "lessThanOrEqual": "8.4.0", "versionType": "semver"}, {"version": "8.3.0", "status": "affected", "lessThanOrEqual": "8.3.0", "versionType": "semver"}, {"version": "8.2.1", "status": "affected", "lessThanOrEqual": "8.2.1", "versionType": "semver"}, {"version": "8.2.0", "status": "affected", "lessThanOrEqual": "8.2.0", "versionType": "semver"}, {"version": "8.1.2", "status": "affected", "lessThanOrEqual": "8.1.2", "versionType": "semver"}, {"version": "8.1.1", "status": "affected", "lessThanOrEqual": "8.1.1", "versionType": "semver"}, {"version": "8.1.0", "status": "affected", "lessThanOrEqual": "8.1.0", "versionType": "semver"}, {"version": "8.0.1", "status": "affected", "lessThanOrEqual": "8.0.1", "versionType": "semver"}, {"version": "8.0.0", "status": "affected", "lessThanOrEqual": "8.0.0", "versionType": "semver"}, {"version": "7.88.1", "status": "affected", "lessThanOrEqual": "7.88.1", "versionType": "semver"}, {"version": "7.88.0", "status": "affected", "lessThanOrEqual": "7.88.0", "versionType": "semver"}, {"version": "7.87.0", "status": "affected", "lessThanOrEqual": "7.87.0", "versionType": "semver"}, {"version": "7.86.0", "status": "affected", "lessThanOrEqual": "7.86.0", "versionType": "semver"}, {"version": "7.85.0", "status": "affected", "lessThanOrEqual": "7.85.0", "versionType": "semver"}, {"version": "7.84.0", "status": "affected", "lessThanOrEqual": "7.84.0", "versionType": "semver"}, {"version": "7.83.1", "status": "affected", "lessThanOrEqual": "7.83.1", "versionType": "semver"}, {"version": "7.83.0", "status": "affected", "lessThanOrEqual": "7.83.0", "versionType": "semver"}, {"version": "7.82.0", "status": "affected", "lessThanOrEqual": "7.82.0", "versionType": "semver"}, {"version": "7.81.0", "status": "affected", "lessThanOrEqual": "7.81.0", "versionType": "semver"}, {"version": "7.80.0", "status": "affected", "lessThanOrEqual": "7.80.0", "versionType": "semver"}, {"version": "7.79.1", "status": "affected", "lessThanOrEqual": "7.79.1", "versionType": "semver"}, {"version": "7.79.0", "status": "affected", "lessThanOrEqual": "7.79.0", "versionType": "semver"}, {"version": "7.78.0", "status": "affected", "lessThanOrEqual": "7.78.0", "versionType": "semver"}, {"version": "7.77.0", "status": "affected", "lessThanOrEqual": "7.77.0", "versionType": "semver"}, {"version": "7.76.1", "status": "affected", "lessThanOrEqual": "7.76.1", "versionType": "semver"}, {"version": "7.76.0", "status": "affected", "lessThanOrEqual": "7.76.0", "versionType": "semver"}, {"version": "7.75.0", "status": "affected", "lessThanOrEqual": "7.75.0", "versionType": "semver"}, {"version": "7.74.0", "status": "affected", "lessThanOrEqual": "7.74.0", "versionType": "semver"}, {"version": "7.73.0", "status": "affected", "lessThanOrEqual": "7.73.0", "versionType": "semver"}, {"version": "7.72.0", "status": "affected", "lessThanOrEqual": "7.72.0", "versionType": "semver"}, {"version": "7.71.1", "status": "affected", "lessThanOrEqual": "7.71.1", "versionType": "semver"}, {"version": "7.71.0", "status": "affected", "lessThanOrEqual": "7.71.0", "versionType": "semver"}, {"version": "7.70.0", "status": "affected", "lessThanOrEqual": "7.70.0", "versionType": "semver"}, {"version": "7.69.1", "status": "affected", "lessThanOrEqual": "7.69.1", "versionType": "semver"}, {"version": "7.69.0", "status": "affected", "lessThanOrEqual": "7.69.0", "versionType": "semver"}, {"version": "7.68.0", "status": "affected", "lessThanOrEqual": "7.68.0", "versionType": "semver"}, {"version": "7.67.0", "status": "affected", "lessThanOrEqual": "7.67.0", "versionType": "semver"}, {"version": "7.66.0", "status": "affected", "lessThanOrEqual": "7.66.0", "versionType": "semver"}, {"version": "7.65.3", "status": "affected", "lessThanOrEqual": "7.65.3", "versionType": "semver"}, {"version": "7.65.2", "status": "affected", "lessThanOrEqual": "7.65.2", "versionType": "semver"}, {"version": "7.65.1", "status": "affected", "lessThanOrEqual": "7.65.1", "versionType": "semver"}, {"version": "7.65.0", "status": "affected", "lessThanOrEqual": "7.65.0", "versionType": "semver"}, {"version": "7.64.1", "status": "affected", "lessThanOrEqual": "7.64.1", "versionType": "semver"}, {"version": "7.64.0", "status": "affected", "lessThanOrEqual": "7.64.0", "versionType": "semver"}, {"version": "7.63.0", "status": "affected", "lessThanOrEqual": "7.63.0", "versionType": "semver"}, {"version": "7.62.0", "status": "affected", "lessThanOrEqual": "7.62.0", "versionType": "semver"}, {"version": "7.61.1", "status": "affected", "lessThanOrEqual": "7.61.1", "versionType": "semver"}, {"version": "7.61.0", "status": "affected", "lessThanOrEqual": "7.61.0", "versionType": "semver"}, {"version": "7.60.0", "status": "affected", "lessThanOrEqual": "7.60.0", "versionType": "semver"}, {"version": "7.59.0", "status": "affected", "lessThanOrEqual": "7.59.0", "versionType": "semver"}, {"version": "7.58.0", "status": "affected", "lessThanOrEqual": "7.58.0", "versionType": "semver"}, {"version": "7.57.0", "status": "affected", "lessThanOrEqual": "7.57.0", "versionType": "semver"}, {"version": "7.56.1", "status": "affected", "lessThanOrEqual": "7.56.1", "versionType": "semver"}, {"version": "7.56.0", "status": "affected", "lessThanOrEqual": "7.56.0", "versionType": "semver"}, {"version": "7.55.1", "status": "affected", "lessThanOrEqual": "7.55.1", "versionType": "semver"}, {"version": "7.55.0", "status": "affected", "lessThanOrEqual": "7.55.0", "versionType": "semver"}, {"version": "7.54.1", "status": "affected", "lessThanOrEqual": "7.54.1", "versionType": "semver"}, {"version": "7.54.0", "status": "affected", "lessThanOrEqual": "7.54.0", "versionType": "semver"}, {"version": "7.53.1", "status": "affected", "lessThanOrEqual": "7.53.1", "versionType": "semver"}, {"version": "7.53.0", "status": "affected", "lessThanOrEqual": "7.53.0", "versionType": "semver"}, {"version": "7.52.1", "status": "affected", "lessThanOrEqual": "7.52.1", "versionType": "semver"}, {"version": "7.52.0", "status": "affected", "lessThanOrEqual": "7.52.0", "versionType": "semver"}, {"version": "7.51.0", "status": "affected", "lessThanOrEqual": "7.51.0", "versionType": "semver"}, {"version": "7.50.3", "status": "affected", "lessThanOrEqual": "7.50.3", "versionType": "semver"}, {"version": "7.50.2", "status": "affected", "lessThanOrEqual": "7.50.2", "versionType": "semver"}, {"version": "7.50.1", "status": "affected", "lessThanOrEqual": "7.50.1", "versionType": "semver"}, {"version": "7.50.0", "status": "affected", "lessThanOrEqual": "7.50.0", "versionType": "semver"}, {"version": "7.49.1", "status": "affected", "lessThanOrEqual": "7.49.1", "versionType": "semver"}, {"version": "7.49.0", "status": "affected", "lessThanOrEqual": "7.49.0", "versionType": "semver"}, {"version": "7.48.0", "status": "affected", "lessThanOrEqual": "7.48.0", "versionType": "semver"}, {"version": "7.47.1", "status": "affected", "lessThanOrEqual": "7.47.1", "versionType": "semver"}, {"version": "7.47.0", "status": "affected", "lessThanOrEqual": "7.47.0", "versionType": "semver"}, {"version": "7.46.0", "status": "affected", "lessThanOrEqual": "7.46.0", "versionType": "semver"}, {"version": "7.45.0", "status": "affected", "lessThanOrEqual": "7.45.0", "versionType": "semver"}, {"version": "7.44.0", "status": "affected", "lessThanOrEqual": "7.44.0", "versionType": "semver"}, {"version": "7.43.0", "status": "affected", "lessThanOrEqual": "7.43.0", "versionType": "semver"}, {"version": "7.42.1", "status": "affected", "lessThanOrEqual": "7.42.1", "versionType": "semver"}, {"version": "7.42.0", "status": "affected", "lessThanOrEqual": "7.42.0", "versionType": "semver"}, {"version": "7.41.0", "status": "affected", "lessThanOrEqual": "7.41.0", "versionType": "semver"}, {"version": "7.40.0", "status": "affected", "lessThanOrEqual": "7.40.0", "versionType": "semver"}, {"version": "7.39.0", "status": "affected", "lessThanOrEqual": "7.39.0", "versionType": "semver"}, {"version": "7.38.0", "status": "affected", "lessThanOrEqual": "7.38.0", "versionType": "semver"}, {"version": "7.37.1", "status": "affected", "lessThanOrEqual": "7.37.1", "versionType": "semver"}, {"version": "7.37.0", "status": "affected", "lessThanOrEqual": "7.37.0", "versionType": "semver"}, {"version": "7.36.0", "status": "affected", "lessThanOrEqual": "7.36.0", "versionType": "semver"}, {"version": "7.35.0", "status": "affected", "lessThanOrEqual": "7.35.0", "versionType": "semver"}, {"version": "7.34.0", "status": "affected", "lessThanOrEqual": "7.34.0", "versionType": "semver"}, {"version": "7.33.0", "status": "affected", "lessThanOrEqual": "7.33.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://curl.se/docs/CVE-2025-14524.json", "name": "json"}, {"url": "https://curl.se/docs/CVE-2025-14524.html", "name": "www"}, {"url": "https://hackerone.com/reports/3459417", "name": "issue"}], "credits": [{"lang": "en", "value": "anonymous237 on hackerone", "type": "finder"}, {"lang": "en", "value": "Daniel Stenberg", "type": "remediation developer"}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/01/07/4"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-01-08T11:06:18.117Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-09T19:24:54.231955Z", "id": "CVE-2025-14524", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-09T19:25:30.460Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/01/07/4"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-01-08T11:06:18.117Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-14524", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-09T19:24:54.231955Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-09T19:25:18.454Z"}}], "cna": {"title": "bearer token leak on cross-protocol redirect", "credits": [{"lang": "en", "type": "finder", "value": "anonymous237 on hackerone"}, {"lang": "en", "type": "remediation developer", "value": "Daniel Stenberg"}], "affected": [{"vendor": "curl", "product": "curl", "versions": [{"status": "affected", "version": "8.17.0", "versionType": "semver", "lessThanOrEqual": "8.17.0"}, {"status": "affected", "version": "8.16.0", "versionType": "semver", "lessThanOrEqual": "8.16.0"}, {"status": "affected", "version": "8.15.0", "versionType": "semver", "lessThanOrEqual": "8.15.0"}, {"status": "affected", "version": "8.14.1", "versionType": "semver", "lessThanOrEqual": "8.14.1"}, {"status": "affected", "version": "8.14.0", "versionType": "semver", "lessThanOrEqual": "8.14.0"}, {"status": "affected", "version": "8.13.0", "versionType": "semver", "lessThanOrEqual": "8.13.0"}, {"status": "affected", "version": "8.12.1", "versionType": "semver", "lessThanOrEqual": "8.12.1"}, {"status": "affected", "version": "8.12.0", "versionType": "semver", "lessThanOrEqual": "8.12.0"}, {"status": "affected", "version": "8.11.1", "versionType": "semver", "lessThanOrEqual": "8.11.1"}, {"status": "affected", "version": "8.11.0", "versionType": "semver", "lessThanOrEqual": "8.11.0"}, {"status": "affected", "version": "8.10.1", "versionType": "semver", "lessThanOrEqual": "8.10.1"}, {"status": "affected", "version": "8.10.0", "versionType": "semver", "lessThanOrEqual": "8.10.0"}, {"status": "affected", "version": "8.9.1", "versionType": "semver", "lessThanOrEqual": "8.9.1"}, {"status": "affected", "version": "8.9.0", "versionType": "semver", "lessThanOrEqual": "8.9.0"}, {"status": "affected", "version": "8.8.0", "versionType": "semver", "lessThanOrEqual": "8.8.0"}, {"status": "affected", "version": "8.7.1", "versionType": "semver", "lessThanOrEqual": "8.7.1"}, {"status": "affected", "version": "8.7.0", "versionType": "semver", "lessThanOrEqual": "8.7.0"}, {"status": "affected", "version": "8.6.0", "versionType": "semver", "lessThanOrEqual": "8.6.0"}, {"status": "affected", "version": "8.5.0", "versionType": "semver", "lessThanOrEqual": "8.5.0"}, {"status": "affected", "version": "8.4.0", "versionType": "semver", "lessThanOrEqual": "8.4.0"}, {"status": "affected", "version": "8.3.0", "versionType": "semver", "lessThanOrEqual": "8.3.0"}, {"status": "affected", "version": "8.2.1", "versionType": "semver", "lessThanOrEqual": "8.2.1"}, {"status": "affected", "version": "8.2.0", "versionType": "semver", "lessThanOrEqual": "8.2.0"}, {"status": "affected", "version": "8.1.2", "versionType": "semver", "lessThanOrEqual": "8.1.2"}, {"status": "affected", "version": "8.1.1", "versionType": "semver", "lessThanOrEqual": "8.1.1"}, {"status": "affected", "version": "8.1.0", "versionType": "semver", "lessThanOrEqual": "8.1.0"}, {"status": "affected", "version": "8.0.1", "versionType": "semver", "lessThanOrEqual": "8.0.1"}, {"status": "affected", "version": "8.0.0", "versionType": "semver", "lessThanOrEqual": "8.0.0"}, {"status": "affected", "version": "7.88.1", "versionType": "semver", "lessThanOrEqual": "7.88.1"}, {"status": "affected", "version": "7.88.0", "versionType": "semver", "lessThanOrEqual": "7.88.0"}, {"status": "affected", "version": "7.87.0", "versionType": "semver", "lessThanOrEqual": "7.87.0"}, {"status": "affected", "version": "7.86.0", "versionType": "semver", "lessThanOrEqual": "7.86.0"}, {"status": "affected", "version": "7.85.0", "versionType": "semver", "lessThanOrEqual": "7.85.0"}, {"status": "affected", "version": "7.84.0", "versionType": "semver", "lessThanOrEqual": "7.84.0"}, {"status": "affected", "version": "7.83.1", "versionType": "semver", "lessThanOrEqual": "7.83.1"}, {"status": "affected", "version": "7.83.0", "versionType": "semver", "lessThanOrEqual": "7.83.0"}, {"status": "affected", "version": "7.82.0", "versionType": "semver", "lessThanOrEqual": "7.82.0"}, {"status": "affected", "version": "7.81.0", "versionType": "semver", "lessThanOrEqual": "7.81.0"}, {"status": "affected", "version": "7.80.0", "versionType": "semver", "lessThanOrEqual": "7.80.0"}, {"status": "affected", "version": "7.79.1", "versionType": "semver", "lessThanOrEqual": "7.79.1"}, {"status": "affected", "version": "7.79.0", "versionType": "semver", "lessThanOrEqual": "7.79.0"}, {"status": "affected", "version": "7.78.0", "versionType": "semver", "lessThanOrEqual": "7.78.0"}, {"status": "affected", "version": "7.77.0", "versionType": "semver", "lessThanOrEqual": "7.77.0"}, {"status": "affected", "version": "7.76.1", "versionType": "semver", "lessThanOrEqual": "7.76.1"}, {"status": "affected", "version": "7.76.0", "versionType": "semver", "lessThanOrEqual": "7.76.0"}, {"status": "affected", "version": "7.75.0", "versionType": "semver", "lessThanOrEqual": "7.75.0"}, {"status": "affected", "version": "7.74.0", "versionType": "semver", "lessThanOrEqual": "7.74.0"}, {"status": "affected", "version": "7.73.0", "versionType": "semver", "lessThanOrEqual": "7.73.0"}, {"status": "affected", "version": "7.72.0", "versionType": "semver", "lessThanOrEqual": "7.72.0"}, {"status": "affected", "version": "7.71.1", "versionType": "semver", "lessThanOrEqual": "7.71.1"}, {"status": "affected", "version": "7.71.0", "versionType": "semver", "lessThanOrEqual": "7.71.0"}, {"status": "affected", "version": "7.70.0", "versionType": "semver", "lessThanOrEqual": "7.70.0"}, {"status": "affected", "version": "7.69.1", "versionType": "semver", "lessThanOrEqual": "7.69.1"}, {"status": "affected", "version": "7.69.0", "versionType": "semver", "lessThanOrEqual": "7.69.0"}, {"status": "affected", "version": "7.68.0", "versionType": "semver", "lessThanOrEqual": "7.68.0"}, {"status": "affected", "version": "7.67.0", "versionType": "semver", "lessThanOrEqual": "7.67.0"}, {"status": "affected", "version": "7.66.0", "versionType": "semver", "lessThanOrEqual": "7.66.0"}, {"status": "affected", "version": "7.65.3", "versionType": "semver", "lessThanOrEqual": "7.65.3"}, {"status": "affected", "version": "7.65.2", "versionType": "semver", "lessThanOrEqual": "7.65.2"}, {"status": "affected", "version": "7.65.1", "versionType": "semver", "lessThanOrEqual": "7.65.1"}, {"status": "affected", "version": "7.65.0", "versionType": "semver", "lessThanOrEqual": "7.65.0"}, {"status": "affected", "version": "7.64.1", "versionType": "semver", "lessThanOrEqual": "7.64.1"}, {"status": "affected", "version": "7.64.0", "versionType": "semver", "lessThanOrEqual": "7.64.0"}, {"status": "affected", "version": "7.63.0", "versionType": "semver", "lessThanOrEqual": "7.63.0"}, {"status": "affected", "version": "7.62.0", "versionType": "semver", "lessThanOrEqual": "7.62.0"}, {"status": "affected", "version": "7.61.1", "versionType": "semver", "lessThanOrEqual": "7.61.1"}, {"status": "affected", "version": "7.61.0", "versionType": "semver", "lessThanOrEqual": "7.61.0"}, {"status": "affected", "version": "7.60.0", "versionType": "semver", "lessThanOrEqual": "7.60.0"}, {"status": "affected", "version": "7.59.0", "versionType": "semver", "lessThanOrEqual": "7.59.0"}, {"status": "affected", "version": "7.58.0", "versionType": "semver", "lessThanOrEqual": "7.58.0"}, {"status": "affected", "version": "7.57.0", "versionType": "semver", "lessThanOrEqual": "7.57.0"}, {"status": "affected", "version": "7.56.1", "versionType": "semver", "lessThanOrEqual": "7.56.1"}, {"status": "affected", "version": "7.56.0", "versionType": "semver", "lessThanOrEqual": "7.56.0"}, {"status": "affected", "version": "7.55.1", "versionType": "semver", "lessThanOrEqual": "7.55.1"}, {"status": "affected", "version": "7.55.0", "versionType": "semver", "lessThanOrEqual": "7.55.0"}, {"status": "affected", "version": "7.54.1", "versionType": "semver", "lessThanOrEqual": "7.54.1"}, {"status": "affected", "version": "7.54.0", "versionType": "semver", "lessThanOrEqual": "7.54.0"}, {"status": "affected", "version": "7.53.1", "versionType": "semver", "lessThanOrEqual": "7.53.1"}, {"status": "affected", "version": "7.53.0", "versionType": "semver", "lessThanOrEqual": "7.53.0"}, {"status": "affected", "version": "7.52.1", "versionType": "semver", "lessThanOrEqual": "7.52.1"}, {"status": "affected", "version": "7.52.0", "versionType": "semver", "lessThanOrEqual": "7.52.0"}, {"status": "affected", "version": "7.51.0", "versionType": "semver", "lessThanOrEqual": "7.51.0"}, {"status": "affected", "version": "7.50.3", "versionType": "semver", "lessThanOrEqual": "7.50.3"}, {"status": "affected", "version": "7.50.2", "versionType": "semver", "lessThanOrEqual": "7.50.2"}, {"status": "affected", "version": "7.50.1", "versionType": "semver", "lessThanOrEqual": "7.50.1"}, {"status": "affected", "version": "7.50.0", "versionType": "semver", "lessThanOrEqual": "7.50.0"}, {"status": "affected", "version": "7.49.1", "versionType": "semver", "lessThanOrEqual": "7.49.1"}, {"status": "affected", "version": "7.49.0", "versionType": "semver", "lessThanOrEqual": "7.49.0"}, {"status": "affected", "version": "7.48.0", "versionType": "semver", "lessThanOrEqual": "7.48.0"}, {"status": "affected", "version": "7.47.1", "versionType": "semver", "lessThanOrEqual": "7.47.1"}, {"status": "affected", "version": "7.47.0", "versionType": "semver", "lessThanOrEqual": "7.47.0"}, {"status": "affected", "version": "7.46.0", "versionType": "semver", "lessThanOrEqual": "7.46.0"}, {"status": "affected", "version": "7.45.0", "versionType": "semver", "lessThanOrEqual": "7.45.0"}, {"status": "affected", "version": "7.44.0", "versionType": "semver", "lessThanOrEqual": "7.44.0"}, {"status": "affected", "version": "7.43.0", "versionType": "semver", "lessThanOrEqual": "7.43.0"}, {"status": "affected", "version": "7.42.1", "versionType": "semver", "lessThanOrEqual": "7.42.1"}, {"status": "affected", "version": "7.42.0", "versionType": "semver", "lessThanOrEqual": "7.42.0"}, {"status": "affected", "version": "7.41.0", "versionType": "semver", "lessThanOrEqual": "7.41.0"}, {"status": "affected", "version": "7.40.0", "versionType": "semver", "lessThanOrEqual": "7.40.0"}, {"status": "affected", "version": "7.39.0", "versionType": "semver", "lessThanOrEqual": "7.39.0"}, {"status": "affected", "version": "7.38.0", "versionType": "semver", "lessThanOrEqual": "7.38.0"}, {"status": "affected", "version": "7.37.1", "versionType": "semver", "lessThanOrEqual": "7.37.1"}, {"status": "affected", "version": "7.37.0", "versionType": "semver", "lessThanOrEqual": "7.37.0"}, {"status": "affected", "version": "7.36.0", "versionType": "semver", "lessThanOrEqual": "7.36.0"}, {"status": "affected", "version": "7.35.0", "versionType": "semver", "lessThanOrEqual": "7.35.0"}, {"status": "affected", "version": "7.34.0", "versionType": "semver", "lessThanOrEqual": "7.34.0"}, {"status": "affected", "version": "7.33.0", "versionType": "semver", "lessThanOrEqual": "7.33.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://curl.se/docs/CVE-2025-14524.json", "name": "json"}, {"url": "https://curl.se/docs/CVE-2025-14524.html", "name": "www"}, {"url": "https://hackerone.com/reports/3459417", "name": "issue"}], "descriptions": [{"lang": "en", "value": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-522 Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "shortName": "curl", "dateUpdated": "2026-01-08T10:07:25.655Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14524", "state": "PUBLISHED", "dateUpdated": "2026-01-09T19:25:30.460Z", "dateReserved": "2025-12-11T08:04:14.328Z", "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "datePublished": "2026-01-08T10:07:25.655Z", "assignerShortName": "curl"}, "dataVersion": "5.2"}