CVE-2025-14524

5.3 MEDIUM

📋 TL;DR

This curl vulnerability causes an OAuth2 bearer token set for an HTTP(S) transfer to be passed along when that transfer is redirected to an IMAP, LDAP, POP3 or SMTP URL. An attacker who controls the redirect target can obtain the token. Any application using curl with OAuth2 bearer tokens for HTTP transfers is affected.

💻 Affected Systems

Products:
  • curl
  • libcurl
Versions: curl 8.8.0 to 8.9.0
Operating Systems: All operating systems running affected curl versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects transfers using OAuth2 bearer tokens with cross-protocol redirects.

📦 What is this software?

Curl by Haxx

curl is a command-line tool and library for transferring data with URLs. It supports numerous protocols including HTTP, HTTPS, FTP, and more, making it essential for API testing, web scraping, and automated data transfers.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Authentication tokens are exposed to malicious servers, potentially leading to unauthorized access to protected resources.

🟠 Likely Case

Token leakage to unintended servers during redirects, though exploitation requires specific redirect conditions.

🟢 If Mitigated

Minimal impact if proper network segmentation and server validation are in place.

🌐 Internet-Facing: MEDIUM - Requires specific redirect scenarios and attacker-controlled endpoints.
🏢 Internal Only: LOW - Internal redirects are less likely to be malicious.

🎯 Exploit Status

Public PoC: No
Weaponized: No
Unauthenticated Exploit: No
Complexity: MEDIUM

Exploitation requires control over redirect target and specific protocol transitions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: curl 8.10.0

Vendor Advisory: https://curl.se/docs/CVE-2025-14524.html

Restart Required: No

Instructions:

1. Update curl to version 8.10.0 or later.
2. For libcurl, rebuild applications against the updated library.
3. No service restart is needed for command-line curl.

🔧 Temporary Workarounds

Disable redirects (platform: all)

Prevent curl from following redirects entirely:

curl --max-redirs 0

Use --oauth2-bearer only for the final URL (platform: all)

Avoid using OAuth2 bearer tokens with URLs that might redirect.

🧯 If You Can't Patch

  • Implement application-level validation of redirect targets
  • Use network controls to prevent redirects to unexpected protocols

🔍 How to Verify

Check if Vulnerable:

An installation is vulnerable if its curl version is between 8.8.0 and 8.9.0 inclusive and its transfers use OAuth2 bearer tokens with redirects enabled.

Check Version:

curl --version | head -1

Verify Fix Applied:

Verify curl version is 8.10.0 or later: curl --version
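The version check above can be scripted. The following is an added example, not part of this advisory or the curl project: it parses the first line of `curl --version` and classifies both the tool version and the `libcurl/x.y.z` token on that line against the range listed here (8.8.0 through 8.9.0 affected, fixed in 8.10.0), since an application can link a different libcurl than the command-line tool. Versions are compared as integer tuples because a plain string comparison would rank "8.9.0" above "8.10.0". The version lines used in the tests are constructed.

```python
"""Classify a `curl --version` first line against the affected range
this advisory lists (8.8.0 through 8.9.0; fixed in 8.10.0).

Added example, not part of the advisory or of curl itself.
"""
import re
import subprocess

AFFECTED_MIN = (8, 8, 0)
AFFECTED_MAX = (8, 9, 0)      # inclusive, as the advisory states it
FIXED_IN = (8, 10, 0)

# First line looks like:
#   curl 8.8.0 (x86_64-pc-linux-gnu) libcurl/8.8.0 OpenSSL/3.0.13 ...
_VERSION_LINE = re.compile(r"^curl\s+(\d+)\.(\d+)\.(\d+)")
_LIBCURL_TOKEN = re.compile(r"\blibcurl/(\d+)\.(\d+)\.(\d+)")


def parse_version_line(first_line: str) -> dict:
    """Return {"curl": (major, minor, patch), "libcurl": tuple or None}."""
    line = first_line.strip()
    m = _VERSION_LINE.match(line)
    if not m:
        raise ValueError(f"not a curl --version line: {line!r}")
    lib = _LIBCURL_TOKEN.search(line)
    return {
        "curl": tuple(int(x) for x in m.groups()),
        "libcurl": tuple(int(x) for x in lib.groups()) if lib else None,
    }


def classify(version: tuple) -> str:
    """Integer-tuple comparison: (8, 10, 0) > (8, 9, 0) as intended."""
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    if version >= FIXED_IN:
        return "fixed"
    # Older than 8.8.0, or a release between 8.9.0 and 8.10.0 that the
    # advisory does not list; report it without claiming it is fixed.
    return "not in listed affected range"


def assess(first_line: str) -> dict:
    """Classify tool and library; the worse of the two decides 'overall'."""
    parsed = parse_version_line(first_line)
    result = {name: classify(v) for name, v in parsed.items() if v is not None}
    verdicts = set(result.values())
    if "affected" in verdicts:
        result["overall"] = "affected"
    elif verdicts == {"fixed"}:
        result["overall"] = "fixed"
    else:
        result["overall"] = "not in listed affected range"
    return result


def assess_installed(curl_binary: str = "curl") -> dict:
    """Run the real binary; returns {"error": ...} if it cannot be run."""
    try:
        out = subprocess.run([curl_binary, "--version"], capture_output=True,
                             text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        return {"error": str(exc)}
    return assess(out.splitlines()[0])


if __name__ == "__main__":
    print(assess_installed())
```

Run it on each host, or feed `assess()` version lines collected by your inventory tooling. For libcurl-based applications, check the library the application actually loads (a statically linked or bundled libcurl is not covered by the distro package version).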

📡 Detection & Monitoring

Log Indicators:

  • Unexpected protocol transitions in curl logs (HTTP->IMAP, HTTP->LDAP, etc.)
  • Failed authentication attempts following redirects

Network Indicators:

  • Cross-protocol redirect traffic patterns
  • Bearer tokens sent to non-HTTP(S) endpoints

SIEM Query:

source="curl" AND (redirect OR "30" OR "Location:") AND (IMAP OR LDAP OR POP3 OR SMTP)
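The log indicators above (a cross-protocol redirect on a transfer that carried a bearer token) can be checked mechanically against curl's verbose output. The following is an added example, not part of this advisory or of curl: it scans `curl -v` style trace text, where outgoing request headers are prefixed with `> ` and a followed redirect produces a line of the form `* Issue another request to this URL: '<url>'`, and reports each hop from HTTP(S) to an IMAP, LDAP, POP3 or SMTP URL on which the preceding request sent an `Authorization: Bearer` header. The token itself is never written into a finding, only a short redacted fingerprint. The three traces embedded below are constructed for illustration, not real captures.

```python
"""Flag HTTP(S) -> IMAP/LDAP/POP3/SMTP redirects on which a bearer token
was in use, from curl verbose (-v) output.

Added example, not from the advisory or the curl project. Traces below
are constructed.
"""
import re
from urllib.parse import urlsplit

# Redirect target schemes the advisory names.
RISKY_SCHEMES = {"imap", "imaps", "ldap", "ldaps", "pop3", "pop3s", "smtp", "smtps"}

REQUEST_LINE_RE = re.compile(r"^> [A-Z]+ \S+ HTTP/")
BEARER_RE = re.compile(r"^> Authorization:\s*Bearer\s+(\S+)", re.IGNORECASE)
REDIRECT_RE = re.compile(r"^\* Issue another request to this URL: '([^']+)'")


def redact(token: str) -> str:
    # Keep only a fingerprint; a finding must not become a second copy of the token.
    return f"{token[:4]}...({len(token)} chars)"


def scan_trace(trace: str, initial_url: str) -> list:
    """Return one finding per risky cross-protocol hop that followed a
    request carrying a bearer token. initial_url is the URL curl was given."""
    findings = []
    current_scheme = urlsplit(initial_url).scheme.lower()
    bearer_on_current = None
    for line in trace.splitlines():
        if REQUEST_LINE_RE.match(line):
            bearer_on_current = None          # a new request starts: reset
            continue
        m = BEARER_RE.match(line)
        if m:
            bearer_on_current = m.group(1)
            continue
        m = REDIRECT_RE.match(line)
        if m:
            target = urlsplit(m.group(1))
            new_scheme = target.scheme.lower()
            if (current_scheme in ("http", "https")
                    and new_scheme in RISKY_SCHEMES
                    and bearer_on_current):
                findings.append({
                    "from": current_scheme,
                    "to": new_scheme,
                    "target_host": target.hostname,
                    "token": redact(bearer_on_current),
                })
            current_scheme = new_scheme
            bearer_on_current = None
    return findings


# Constructed trace: bearer sent over HTTPS, then redirected to IMAP.
LEAK_TRACE = """\
* Connected to api.example.test (192.0.2.10) port 443
> GET /v1/profile HTTP/1.1
> Host: api.example.test
> Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.constructed.token
< HTTP/1.1 302 Found
< Location: imap://mail.example.test/INBOX
* Issue another request to this URL: 'imap://mail.example.test/INBOX'
* Connected to mail.example.test (192.0.2.20) port 143
"""

# Constructed trace: same-protocol redirect, not a cross-protocol hop.
SAME_PROTOCOL_TRACE = """\
> GET /old HTTP/1.1
> Authorization: Bearer constructedtoken
< HTTP/1.1 301 Moved Permanently
* Issue another request to this URL: 'https://api.example.test/new'
> GET /new HTTP/1.1
> Authorization: Bearer constructedtoken
"""

# Constructed trace: cross-protocol redirect but no bearer token in play.
NO_TOKEN_TRACE = """\
> GET /v1/profile HTTP/1.1
> Host: api.example.test
< HTTP/1.1 302 Found
* Issue another request to this URL: 'smtp://mail.example.test/'
"""


if __name__ == "__main__":
    for f in scan_trace(LEAK_TRACE, "https://api.example.test/v1/profile"):
        print(f)
```

Feed it the stderr of `curl -v` (or per-transfer trace files) collected from the hosts you identified as running an affected version; a non-empty result on a transfer that used `--oauth2-bearer` means the token reached a target the advisory describes, and that token should be treated as exposed.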
