CVE-2025-14524

MEDIUM 5.3

bearer token leak on cross-protocol redirect

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

7th

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

Vendor	curl
Product	curl
Published	Jan 8, 2026
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for curl curl

Be the first to know when new medium vulnerabilities affecting curl curl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

curl / curl

8.17.0 ≤ 8.17.0 8.16.0 ≤ 8.16.0 8.15.0 ≤ 8.15.0 8.14.1 ≤ 8.14.1 8.14.0 ≤ 8.14.0 8.13.0 ≤ 8.13.0 8.12.1 ≤ 8.12.1 8.12.0 ≤ 8.12.0 8.11.1 ≤ 8.11.1 8.11.0 ≤ 8.11.0 8.10.1 ≤ 8.10.1 8.10.0 ≤ 8.10.0 8.9.1 ≤ 8.9.1 8.9.0 ≤ 8.9.0 8.8.0 ≤ 8.8.0 8.7.1 ≤ 8.7.1 8.7.0 ≤ 8.7.0 8.6.0 ≤ 8.6.0 8.5.0 ≤ 8.5.0 8.4.0 ≤ 8.4.0 8.3.0 ≤ 8.3.0 8.2.1 ≤ 8.2.1 8.2.0 ≤ 8.2.0 8.1.2 ≤ 8.1.2 8.1.1 ≤ 8.1.1 8.1.0 ≤ 8.1.0 8.0.1 ≤ 8.0.1 8.0.0 ≤ 8.0.0 7.88.1 ≤ 7.88.1 7.88.0 ≤ 7.88.0 7.87.0 ≤ 7.87.0 7.86.0 ≤ 7.86.0 7.85.0 ≤ 7.85.0 7.84.0 ≤ 7.84.0 7.83.1 ≤ 7.83.1 7.83.0 ≤ 7.83.0 7.82.0 ≤ 7.82.0 7.81.0 ≤ 7.81.0 7.80.0 ≤ 7.80.0 7.79.1 ≤ 7.79.1 7.79.0 ≤ 7.79.0 7.78.0 ≤ 7.78.0 7.77.0 ≤ 7.77.0 7.76.1 ≤ 7.76.1 7.76.0 ≤ 7.76.0 7.75.0 ≤ 7.75.0 7.74.0 ≤ 7.74.0 7.73.0 ≤ 7.73.0 7.72.0 ≤ 7.72.0 7.71.1 ≤ 7.71.1 7.71.0 ≤ 7.71.0 7.70.0 ≤ 7.70.0 7.69.1 ≤ 7.69.1 7.69.0 ≤ 7.69.0 7.68.0 ≤ 7.68.0 7.67.0 ≤ 7.67.0 7.66.0 ≤ 7.66.0 7.65.3 ≤ 7.65.3 7.65.2 ≤ 7.65.2 7.65.1 ≤ 7.65.1 7.65.0 ≤ 7.65.0 7.64.1 ≤ 7.64.1 7.64.0 ≤ 7.64.0 7.63.0 ≤ 7.63.0 7.62.0 ≤ 7.62.0 7.61.1 ≤ 7.61.1 7.61.0 ≤ 7.61.0 7.60.0 ≤ 7.60.0 7.59.0 ≤ 7.59.0 7.58.0 ≤ 7.58.0 7.57.0 ≤ 7.57.0 7.56.1 ≤ 7.56.1 7.56.0 ≤ 7.56.0 7.55.1 ≤ 7.55.1 7.55.0 ≤ 7.55.0 7.54.1 ≤ 7.54.1 7.54.0 ≤ 7.54.0 7.53.1 ≤ 7.53.1 7.53.0 ≤ 7.53.0 7.52.1 ≤ 7.52.1 7.52.0 ≤ 7.52.0 7.51.0 ≤ 7.51.0 7.50.3 ≤ 7.50.3 7.50.2 ≤ 7.50.2 7.50.1 ≤ 7.50.1 7.50.0 ≤ 7.50.0 7.49.1 ≤ 7.49.1 7.49.0 ≤ 7.49.0 7.48.0 ≤ 7.48.0 7.47.1 ≤ 7.47.1 7.47.0 ≤ 7.47.0 7.46.0 ≤ 7.46.0 7.45.0 ≤ 7.45.0 7.44.0 ≤ 7.44.0 7.43.0 ≤ 7.43.0 7.42.1 ≤ 7.42.1 7.42.0 ≤ 7.42.0 7.41.0 ≤ 7.41.0 7.40.0 ≤ 7.40.0 7.39.0 ≤ 7.39.0 7.38.0 ≤ 7.38.0 7.37.1 ≤ 7.37.1 7.37.0 ≤ 7.37.0 7.36.0 ≤ 7.36.0 7.35.0 ≤ 7.35.0 7.34.0 ≤ 7.34.0 7.33.0 ≤ 7.33.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

curl.se: https://curl.se/docs/CVE-2025-14524.json curl.se: https://curl.se/docs/CVE-2025-14524.html hackerone.com: https://hackerone.com/reports/3459417 openwall.com: http://www.openwall.com/lists/oss-security/2026/01/07/4

Credits

anonymous237 on hackerone Daniel Stenberg