CVE-2025-14524
Publication date 6 January 2026
Last updated 27 February 2026
Ubuntu priority
Description
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
Read the notes from the security team
Why is this CVE low priority?
This is rated as being low severity by Curl developers
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| curl | 25.10 questing |
Fixed 8.14.1-2ubuntu1.1
|
| 24.04 LTS noble |
Fixed 8.5.0-2ubuntu10.7
|
|
| 22.04 LTS jammy |
Fixed 7.81.0-1ubuntu1.22
|
|
| 20.04 LTS focal | Ignored changes too intrusive | |
| 18.04 LTS bionic | Ignored changes too intrusive | |
| 16.04 LTS xenial | Ignored changes too intrusive | |
| 14.04 LTS trusty | Ignored changes too intrusive |
Notes
hlibk
On focal and below, a major code refactor needs to be backported beforehand which is intrusive and may introduce regressions.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.3 · Medium
|
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-8062-1
- curl vulnerabilities
- 25 February 2026