- Description
- When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.
- Source
- 2499f714-1537-4658-8207-48ae4bb9eae9
- NVD status
- Analyzed
- Products
- curl
CVSS 3.1
- Type
- Secondary
- Base score
- 6.3
- Impact score
- 5.2
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
๐ Lambda Watchdog detected that CVE-2025-14017 is no longer present in latest AWS Lambda base image scans. https://t.co/5for9nfqv6 #AWS #Lambda #Security #CVE #DevOps #SecOps
@LambdaWatchdog
15 Mar 2026
138 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐ Lambda Watchdog detected that CVE-2025-14017 is no longer present in latest AWS Lambda base image scans. https://t.co/5for9nfqv6 #AWS #Lambda #Security #CVE #DevOps #SecOps
@LambdaWatchdog
14 Mar 2026
134 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐ Lambda Watchdog detected that CVE-2025-14017 is no longer present in latest AWS Lambda base image scans. https://t.co/5for9nfqv6 #AWS #Lambda #Security #CVE #DevOps #SecOps
@LambdaWatchdog
13 Mar 2026
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical security update analysis published: CVE-2025-14017 in curl for #Fedora 42 Just analyzed the recently patched TLS vulnerability affecting threaded LDAPS operations in curl. Read more: ๐ https://t.co/uOKPhn5Tiw #Security https://t.co/T8hL8BLs3S
@Cezar_H_Linux
28 Jan 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ Breaking: 5 cURL vulnerabilities patched in #SUSE Linux Micro 6.2 (CVE-2025-14017, -14524, -14819, -15079, -15224). Includes bearer token leaks & SSH bypasses. Immediate patching required for internet-facing systems. Read more: ๐ https://t.co/cGvp3bFOZR #Security h
@Cezar_H_Linux
23 Jan 2026
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ Critical cURL patch released: CVE-2025-14017. Impacts #SUSE Linux (SLES 15 SP4). Patch to curl 7.87.0-150400.7.26.1 immediately. Read more: ๐ https://t.co/ky3TvcgvJx #Security https://t.co/QiE7YDetep
@Cezar_H_Linux
9 Jan 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CRITICAL: #openSUSE Leap 15.6 security update addresses curl vulnerability CVE-2025-14017 affecting threaded LDAPS TLS options. Read more: ๐ https://t.co/98Tx8L0sto #Security https://t.co/ZHZAqTt9IW
@Cezar_H_Linux
9 Jan 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: #openSUSE Leap 15.6 security update for curl (CVE-2025-14017) patches a critical TLS options flaw in threaded LDAPS. Read more: ๐ https://t.co/EVVwxnKFom #Security https://t.co/1j8dKzly0f
@Cezar_H_Linux
9 Jan 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
6 CVEs in curl https://t.co/sgfRoHLxb5 2 are Medium severity: CVE-2025-13034: No QUIC certificate pinning with GnuTLS CVE-2025-14017: broken TLS options for threaded LDAPS 4 more are Low severity
@oss_security
9 Jan 2026
416 Impressions
2 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-14017 When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possโฆ https://t.co/0B2ZG3QwoA
@CVEnew
8 Jan 2026
223 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-14017 [ADVISORY] curl CVE-2025-14017 https://t.co/2tyQZLrdVu
@VulmonFeeds
7 Jan 2026
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB495B1D-83CF-4C91-9091-7D2FBD14051E",
"versionEndExcluding": "8.18.0",
"versionStartIncluding": "7.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]