Back to CVE List

CVE-2025-14524

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.3 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Vulnerability Description

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer
performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP,
POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new
target host.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-601
Source
NVD
Vendor
haxx
Product
curl

External References

Discussion (0)

Add Comment

No comments yet. Be the first!