CVE-2025-14524 — Vulnetix

CVE-2025-14524 PUBLISHED

EPSS 0.03% · 8.2th percentile

Risk Scores

EPSS Score

0.03%

8.2th percentile

Affected Products

Vendor	Product	Versions
Amazon	curl

Exploit Intelligence

CVE-2026-3783: token leak with redirect and netrc (hackerone)
libcurl: Improper Authentication State Management on Cross-Protocol Redirects (hackerone)
CVE-2025-14524: bearer token leak on cross-protocol redirect (hackerone)
CVE-2026-3783: token leak with redirect and netrc (hackerone)
libcurl: Improper Authentication State Management on Cross-Protocol Redirects (hackerone)
CVE-2025-14524: bearer token leak on cross-protocol redirect (hackerone)
CVE-2026-3783: token leak with redirect and netrc (hackerone)
libcurl: Improper Authentication State Management on Cross-Protocol Redirects (hackerone)
CVE-2025-14524: bearer token leak on cross-protocol redirect (hackerone)
issue (cve.org)

…and 79 more exploits

Timeline

CVE Published
Jan 7, 2026 PoC Published
Jan 8, 2026 EPSS Score
Jan 11, 2026 EPSS Score
Jan 14, 2026 EPSS Score
Jan 17, 2026 PoC Published
Jan 18, 2026 EPSS Score
Jan 21, 2026 EPSS Score
Jan 24, 2026 EPSS Score
Jan 27, 2026 EPSS Score
Jan 30, 2026 EPSS Score
Feb 2, 2026 EPSS Score

References

ALAS2-2026-3173: curl (medium) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›