CVE-2025-14017
CVE-2025-14017 is a medium-severity vulnerability rated 6.3/10 on the CVSS scale. When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently set up transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. EPSS estimates a 0.11% chance of exploitation in the next 30 days.
Description
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently set up transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.
Metrics
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Haxx | Curl | >= 7.17.0, < 8.18.0 |
References
- https://curl.se/docs/CVE-2025-14017.html (Vendor Advisory)
- https://curl.se/docs/CVE-2025-14017.json (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2026/01/07/3 (Mailing List, Third Party Advisory)
Timeline
- Status: Analyzed
Source: NVD / NIST
