bearer token leak on cross-protocol redirect_CVE-2025-14524

{
    "lastseen": "",
    "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.",
    "published": "2026-01-08T10:07:25.655Z",
    "modified": "2026-01-09T19:25:30.460Z",
    "type": "cve",
    "title": "bearer token leak on cross-protocol redirect",
    "source": "curl",
    "references": "https://curl.se/docs/CVE-2025-14524.json\nhttps://curl.se/docs/CVE-2025-14524.html\nhttps://hackerone.com/reports/3459417",
    "id": "CVE-2025-14524",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "curl curl 8.17.0\ncurl curl 8.16.0\ncurl curl 8.15.0\ncurl curl 8.14.1\ncurl curl 8.14.0\ncurl curl 8.13.0\ncurl curl 8.12.1\ncurl curl 8.12.0\ncurl curl 8.11.1\ncurl curl 8.11.0\ncurl curl 8.10.1\ncurl curl 8.10.0\ncurl curl 8.9.1\ncurl curl 8.9.0\ncurl curl 8.8.0\ncurl curl 8.7.1\ncurl curl 8.7.0\ncurl curl 8.6.0\ncurl curl 8.5.0\ncurl curl 8.4.0\ncurl curl 8.3.0\ncurl curl 8.2.1\ncurl curl 8.2.0\ncurl curl 8.1.2\ncurl curl 8.1.1\ncurl curl 8.1.0\ncurl curl 8.0.1\ncurl curl 8.0.0\ncurl curl 7.88.1\ncurl curl 7.88.0\ncurl curl 7.87.0\ncurl curl 7.86.0\ncurl curl 7.85.0\ncurl curl 7.84.0\ncurl curl 7.83.1\ncurl curl 7.83.0\ncurl curl 7.82.0\ncurl curl 7.81.0\ncurl curl 7.80.0\ncurl curl 7.79.1\ncurl curl 7.79.0\ncurl curl 7.78.0\ncurl curl 7.77.0\ncurl curl 7.76.1\ncurl curl 7.76.0\ncurl curl 7.75.0\ncurl curl 7.74.0\ncurl curl 7.73.0\ncurl curl 7.72.0\ncurl curl 7.71.1\ncurl curl 7.71.0\ncurl curl 7.70.0\ncurl curl 7.69.1\ncurl curl 7.69.0\ncurl curl 7.68.0\ncurl curl 7.67.0\ncurl curl 7.66.0\ncurl curl 7.65.3\ncurl curl 7.65.2\ncurl curl 7.65.1\ncurl curl 7.65.0\ncurl curl 7.64.1\ncurl curl 7.64.0\ncurl curl 7.63.0\ncurl curl 7.62.0\ncurl curl 7.61.1\ncurl curl 7.61.0\ncurl curl 7.60.0\ncurl curl 7.59.0\ncurl curl 7.58.0\ncurl curl 7.57.0\ncurl curl 7.56.1\ncurl curl 7.56.0\ncurl curl 7.55.1\ncurl curl 7.55.0\ncurl curl 7.54.1\ncurl curl 7.54.0\ncurl curl 7.53.1\ncurl curl 7.53.0\ncurl curl 7.52.1\ncurl curl 7.52.0\ncurl curl 7.51.0\ncurl curl 7.50.3\ncurl curl 7.50.2\ncurl curl 7.50.1\ncurl curl 7.50.0\ncurl curl 7.49.1\ncurl curl 7.49.0\ncurl curl 7.48.0\ncurl curl 7.47.1\ncurl curl 7.47.0\ncurl curl 7.46.0\ncurl curl 7.45.0\ncurl curl 7.44.0\ncurl curl 7.43.0\ncurl curl 7.42.1\ncurl curl 7.42.0\ncurl curl 7.41.0\ncurl curl 7.40.0\ncurl curl 7.39.0\ncurl curl 7.38.0\ncurl curl 7.37.1\ncurl curl 7.37.0\ncurl curl 7.36.0\ncurl curl 7.35.0\ncurl curl 7.34.0\ncurl curl 7.33.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "curl",
    "version": "8.17.0",
    "vendor": "curl",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}