CVE-2025-14017

ADVISORY - nist

Summary

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers.

Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

EPSS Score⁠: 0.00009 (0.006)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo⁠

ADVISORY - redhat

CWE-1058⁠

Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element

Impacted images

Advisories

NIST

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2025-14017⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-noinfo⁠

RATING UNAVAILABLE FROM ADVISORY

Alpine

CREATED

4 days ago

UPDATED

4 days ago

ADVISORY IDCVE-2025-14017⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

4 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2025-14017⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2025-14017⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2025-14017⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1058⁠

CVSS SCORE

4.8medium