CVE-2025-14524

ADVISORY - nist

Summary

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

EPSS Score⁠: 0.00021 (0.046)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-601⁠

URL Redirection to Untrusted Site ('Open Redirect')

Impacted images

Advisories

NIST

CREATED

24 days ago

UPDATED

12 days ago

ADVISORY IDCVE-2025-14524⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-601⁠

CVSS SCORE

5.3medium

Alpine

CREATED

25 days ago

UPDATED

1 hour ago

ADVISORY IDCVE-2025-14524⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

25 days ago

UPDATED

10 days ago

ADVISORY IDCVE-2025-14524⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

25 days ago

UPDATED

16 days ago

ADVISORY IDCVE-2025-14524⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

minimos

CREATED

19 days ago

UPDATED

19 days ago

ADVISORY ID

MINI-49mw-4m7j-pp8g

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY