2426407 – (CVE-2025-14524) CVE-2025-14524 curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token

Bug 2426407 (CVE-2025-14524) - CVE-2025-14524 curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token

Summary: CVE-2025-14524 curl: Information disclosure via cross-protocol redirect with ...

Keywords:
Status:	NEW
Alias:	CVE-2025-14524
Deadline:	2026-01-07
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-31 04:08 UTC by OSIDB Bzimport
Modified:	2026-04-08 08:41 UTC (History)
CC List:	25 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-31 04:08:59 UTC

when an oauth2 bearer token is used for an HTTP(S) transfer, and that transfer
performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP,
POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new
target host.

Note You need to log in before you can comment on or make changes to this bug.

adudiak
crizzo
csutherl
dbosanac
gtanzill
jbuscemi
jcantril
jclere
jmitchel
jreimann
kshier
mdessi
mrizzi
pbohmill
pcattana
pjindal
plodge
rojacob
sdawley
security-response-team
stcannon
szappis
teagle
vchlup
yguenane