CVE-2025-14017 — MEDIUM (6.3)

Q: How severe is CVE-2025-14017?

CVE-2025-14017 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-14017?

Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl.

Vulnerability Description

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Haxx	Curl	>= 7.17.0, < 8.18.0

References

https://curl.se/docs/CVE-2025-14017.htmlVendor Advisory
https://curl.se/docs/CVE-2025-14017.jsonVendor Advisory
http://www.openwall.com/lists/oss-security/2026/01/07/3Mailing ListThird Party Advisory

FAQ

What is CVE-2025-14017?

CVE-2025-14017 is a vulnerability with a CVSS score of 6.3 (MEDIUM). When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrentl...

How severe is CVE-2025-14017?

CVE-2025-14017 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-14017?

Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl.