CVE-2025-14524 – bearer token leak on cross-protocol redirect

CVE ID : CVE-2025-14524

Published : Jan. 8, 2026, 10:07 a.m. | 20 minutes ago

Description : When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer
performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP,
POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new
target host.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…