Security Advisory

CVE-2025-14524

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-08 10:07:25

Last updated 2026-04-02 13:20:16

Assigner curl

State PUBLISHED

Description

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

← Browse all CVEs View on cve.org ↗