- Description
- When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.
- Source
- 2499f714-1537-4658-8207-48ae4bb9eae9
- NVD status
- Analyzed
- Products
- curl
CVSS 3.1
- Type
- Secondary
- Base score
- 6.3
- Impact score
- 5.2
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
Critical security update analysis published: CVE-2025-14017 in curl for #Fedora 42 Just analyzed the recently patched TLS vulnerability affecting threaded LDAPS operations in curl. Read more: ๐ https://t.co/uOKPhn5Tiw #Security https://t.co/T8hL8BLs3S
@Cezar_H_Linux
28 Jan 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ Breaking: 5 cURL vulnerabilities patched in #SUSE Linux Micro 6.2 (CVE-2025-14017, -14524, -14819, -15079, -15224). Includes bearer token leaks & SSH bypasses. Immediate patching required for internet-facing systems. Read more: ๐ https://t.co/cGvp3bFOZR #Security h
@Cezar_H_Linux
23 Jan 2026
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ Critical cURL patch released: CVE-2025-14017. Impacts #SUSE Linux (SLES 15 SP4). Patch to curl 7.87.0-150400.7.26.1 immediately. Read more: ๐ https://t.co/ky3TvcgvJx #Security https://t.co/QiE7YDetep
@Cezar_H_Linux
9 Jan 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CRITICAL: #openSUSE Leap 15.6 security update addresses curl vulnerability CVE-2025-14017 affecting threaded LDAPS TLS options. Read more: ๐ https://t.co/98Tx8L0sto #Security https://t.co/ZHZAqTt9IW
@Cezar_H_Linux
9 Jan 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: #openSUSE Leap 15.6 security update for curl (CVE-2025-14017) patches a critical TLS options flaw in threaded LDAPS. Read more: ๐ https://t.co/EVVwxnKFom #Security https://t.co/1j8dKzly0f
@Cezar_H_Linux
9 Jan 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
6 CVEs in curl https://t.co/sgfRoHLxb5 2 are Medium severity: CVE-2025-13034: No QUIC certificate pinning with GnuTLS CVE-2025-14017: broken TLS options for threaded LDAPS 4 more are Low severity
@oss_security
9 Jan 2026
416 Impressions
2 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-14017 When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possโฆ https://t.co/0B2ZG3QwoA
@CVEnew
8 Jan 2026
223 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-14017 [ADVISORY] curl CVE-2025-14017 https://t.co/2tyQZLrdVu
@VulmonFeeds
7 Jan 2026
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB495B1D-83CF-4C91-9091-7D2FBD14051E",
"versionEndExcluding": "8.18.0",
"versionStartIncluding": "7.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]