CVE-2025-14524
MEDIUM | Platform: iPadOS | Changelog
CVE Details
Description
When an OAuth2 bearer token is set for an HTTP(S) transfer and that transfer is redirected to a second URL whose scheme is IMAP, LDAP, POP3 or SMTP, curl might wrongly pass the bearer token on to the new target host, so a token issued for one HTTP origin is offered to a different host over a different protocol. A cross-protocol redirect of this kind is only followed if the application has allowed those schemes for redirects (CURLOPT_REDIR_PROTOCOLS_STR in libcurl, --proto-redir on the command line); curl 7.65.2 and later limit the default redirect allowlist to HTTP, HTTPS, FTP and FTPS.
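The redirect behaviour in the description, as an added example that is not curl's code: a toy Python client follows redirects over a constructed in-memory transport (the hostnames api.example.com and mail.attacker.example, the paths and the token value are all made up), once forwarding the bearer unconditionally, which reproduces the leak, and once under an illustrative hardened policy that keeps the token only for http(s) targets on the host and port it was originally sent to.

```python
"""Illustrative redirect policy for an OAuth2 bearer token.

Added example, not curl's source: a toy client that follows redirects over
an in-memory transport and records which URL each request, and the token it
carried, went to. Hostnames, paths and the token value are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit

# Only these schemes may ever receive the bearer; imap, ldap, pop3, smtp and
# friends are excluded, which is exactly the leak the advisory describes.
BEARER_SCHEMES = frozenset({"http", "https"})
DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def _authority(url: str) -> Tuple[str, Optional[int]]:
    """(lower-cased host, effective port) so that ':443' and no port compare equal."""
    p = urlsplit(url)
    port = p.port if p.port is not None else DEFAULT_PORTS.get(p.scheme.lower())
    return (p.hostname or "").lower(), port


def should_forward_bearer(origin_url: str, target_url: str) -> bool:
    """Hardened policy: keep the bearer only for an http(s) target on the same
    host and port the token was sent to. The scheme check is the part this
    CVE is about; the host check is the usual rule for any Authorization
    credential on a cross-host redirect."""
    if urlsplit(target_url).scheme.lower() not in BEARER_SCHEMES:
        return False
    return _authority(origin_url) == _authority(target_url)


@dataclass
class Response:
    status: int
    location: Optional[str] = None


# Constructed transport standing in for real servers: URL -> canned response.
TRANSPORT: Dict[str, Response] = {
    "https://api.example.com/resource": Response(302, "imap://mail.attacker.example/INBOX"),
    "imap://mail.attacker.example/INBOX": Response(200),
    "https://api.example.com/other": Response(302, "/final"),
    "https://api.example.com/final": Response(200),
}


@dataclass
class Client:
    bearer: str
    strict: bool                    # False = forward the token on every redirect (the bug)
    max_redirects: int = 5
    sent: List[Tuple[str, Optional[str]]] = field(default_factory=list)

    def fetch(self, url: str) -> str:
        """Follow redirects from url; returns the final URL reached."""
        token: Optional[str] = self.bearer
        for _ in range(self.max_redirects + 1):
            self.sent.append((url, token))           # what actually went on the wire
            resp = TRANSPORT[url]
            if resp.status not in REDIRECT_STATUSES or resp.location is None:
                return url
            nxt = urljoin(url, resp.location)        # resolves relative Location values
            if self.strict and not should_forward_bearer(url, nxt):
                token = None                         # dropped for good, never re-attached
            url = nxt
        raise RuntimeError("too many redirects")


def token_recipients(client: Client) -> List[str]:
    """URLs that received the bearer, in order; this is what leaked."""
    return [u for u, t in client.sent if t is not None]


if __name__ == "__main__":
    for strict in (False, True):
        c = Client("s3cr3t-token", strict=strict)
        c.fetch("https://api.example.com/resource")
        print("strict" if strict else "buggy ", token_recipients(c))
```

With strict=False the second request, to imap://mail.attacker.example, carries the token; with strict=True it does not, and a same-host redirect (/other to /final) keeps it. Independently of the curl fix, the practical mitigation for a client that carries a bearer is to keep the redirect protocol allowlist tight: `--proto-redir =https` on the command line, or CURLOPT_REDIR_PROTOCOLS_STR set to "https" in libcurl, so the transfer can never land on a mail or directory protocol in the first place.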
CVSS 3.1 Score
| Metric | Value |
|---|---|
| Base Score | 5.3 (MEDIUM) |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N |
Weakness
References
- Apple Security Advisory
- NVD Entry
- https://curl.se/docs/CVE-2025-14524.html (Vendor Advisory, Patch)
- https://curl.se/docs/CVE-2025-14524.json (Vendor Advisory)
- https://hackerone.com/reports/3459417 (Exploit, Issue Tracking, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2026/01/07/4 (Mailing List, Third Party Advisory, Patch)