CVE-2025-14524
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
5.3 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Description
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer
performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP,
POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new
target host.
performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP,
POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new
target host.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-601
Source
NVD
Vendor
haxx
Product
curl
Discussion (0)
Add Comment
No comments yet. Be the first!