PT-2026-1657 · Curl+6

Daniel Stenberg · Published 2025-01-01 · Updated 2026-06-05 · CVE-2025-14524

CVSS v2.0: 5.4 (Medium)
Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: curl (affected versions not specified)
Description: A bearer token leak occurs on a cross-protocol redirect. The issue involves curl and potentially allows unauthorized access due to the leakage of sensitive authentication tokens.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Open Redirect

Insufficiently Protected Credentials


Weakness Enumeration

Related Identifiers

AZL-74192
AZL-74207
BDU:2026-02955
CVE-2025-14524
ECHO-5C48-9921-1026
JLSEC-2026-428
MGASA-2026-0003
OESA-2026-1190
OESA-2026-1191
OESA-2026-1192
OESA-2026-1193
OESA-2026-1194
OESA-2026-1195
OPENSUSE-SU-2026:10017-1
OPENSUSE-SU-2026:20031-1
RHSA-2026:6893
SUSE-SU-2026:0050-1
SUSE-SU-2026:0051-1
SUSE-SU-2026:0052-1
SUSE-SU-2026:0066-1
SUSE-SU-2026:0508-1
SUSE-SU-2026:20042-1
SUSE-SU-2026:20062-1
SUSE-SU-2026:20082-1
SUSE-SU-2026:20110-1
USN-8062-1

Affected Products

Debian
IBM AIX
Linux Mint
Apple macOS
RED OS
Ubuntu
curl