CVE-2025-14017

Опубликовано: 08 янв. 2026

Источник: nvd

CVSS3: 6.3

EPSS Низкий

Описание

Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

Ссылки

https://curl.se/docs/CVE-2025-14017.html
Vendor Advisory
https://curl.se/docs/CVE-2025-14017.json
Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/01/07/3
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Версия от 7.17.0 (включая) до 8.18.0 (исключая)

EPSS

Процентиль: 0%

0.00007

Низкий

6.3 Medium

CVSS3

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2025-14017

CVSS3: 6.3

ubuntu

около 1 месяца назад

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

CVE-2025-14017

CVSS3: 6.3

debian

около 1 месяца назад

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl ...

SUSE-SU-2026:0221-1

suse-cvrf

16 дней назад

Security update for curl

SUSE-SU-2026:0119-1

suse-cvrf

25 дней назад

Security update for curl

SUSE-SU-2026:0077-1

suse-cvrf

30 дней назад

Security update for curl

EPSS

Процентиль: 0%

0.00007

Низкий

6.3 Medium

CVSS3

Дефекты

NVD-CWE-Other