CVE-2025-14524
CVE Information
CVE ID
CVE-2025-14524
Severity
MEDIUM
CVSS 5.3
Publish Date
2026-01-08
Description
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
Collection Date
2026-02-05
Impact Summary
Affected Hosts
3
Related Incidents
0
Related Alerts
0
Affected Hosts (3)
| Hostname | OS Type | Severity | Total CVEs |
|---|---|---|---|
| in-bridge-40 | LINUX | CRITICAL | 396 |
| inbridge-ubt-24 | LINUX | CRITICAL | 2336 |
| inbridge-42 | LINUX | CRITICAL | 148 |