CVE-2025-14819

Published Jan 8, 2026

Last updated 4 months ago

CVSS medium 5.3
Curl

Overview

Description
When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.
Source
2499f714-1537-4658-8207-48ae4bb9eae9
NVD status
Analyzed
Products
curl

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.3
Impact score
3.6
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-295

Social media

Hype score
Not currently trending

  1. Notepad++ 8.9.3 mit einigen Korrekturen und einer berbesserten SIcherheit für cURL (CVE-2025-14819) Für Notepad++ steht ein neues Update auf die Version 8.9.3 bereit. In dieser Version wurden eine Rei... https://t.co/vhWvsN4QDV

    @deskmodder

    24 Mar 2026

    121 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🔍 Lambda Watchdog detected that CVE-2025-14819 is no longer present in latest AWS Lambda base image scans. https://t.co/cXjwTmuvDt #AWS #Lambda #Security #CVE #DevOps #SecOps

    @LambdaWatchdog

    15 Mar 2026

    138 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🔍 Lambda Watchdog detected that CVE-2025-14819 is no longer present in latest AWS Lambda base image scans. https://t.co/cXjwTmuvDt #AWS #Lambda #Security #CVE #DevOps #SecOps

    @LambdaWatchdog

    14 Mar 2026

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🔍 Lambda Watchdog detected that CVE-2025-14819 is no longer present in latest AWS Lambda base image scans. https://t.co/cXjwTmuvDt #AWS #Lambda #Security #CVE #DevOps #SecOps

    @LambdaWatchdog

    13 Mar 2026

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CRITICAL: #Mageia 9 cURL security patches address 4 CVEs including OpenSSL bypass (CVE-2025-14819) and bearer token leaks. Read more: 👉 https://t.co/w8Mzvi2wDI #Security https://t.co/rcOXGzDVsY

    @Cezar_H_Linux

    10 Jan 2026

    69 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-14819 When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store … https://t.co/P3miCOQvqQ

    @CVEnew

    8 Jan 2026

    182 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly consider the response as fine.CVE-2026-7009
  2. Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`.CVE-2026-7168
  3. Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.CVE-2026-6276
  4. When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.CVE-2026-6429
  5. libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should. This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.CVE-2026-5773

References

Sources include official advisories and independent security research.