CVE-2025-14017

Summary

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers.

Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

Affected Software

VendorProductVersion RangeStatus
curlcurl8.17.0 <= 8.17.0affected
curlcurl8.16.0 <= 8.16.0affected
curlcurl8.15.0 <= 8.15.0affected
curlcurl8.14.1 <= 8.14.1affected
curlcurl8.14.0 <= 8.14.0affected
curlcurl8.13.0 <= 8.13.0affected
curlcurl8.12.1 <= 8.12.1affected
curlcurl8.12.0 <= 8.12.0affected
curlcurl8.11.1 <= 8.11.1affected
curlcurl8.11.0 <= 8.11.0affected
curlcurl8.10.1 <= 8.10.1affected
curlcurl8.10.0 <= 8.10.0affected
curlcurl8.9.1 <= 8.9.1affected
curlcurl8.9.0 <= 8.9.0affected
curlcurl8.8.0 <= 8.8.0affected
curlcurl8.7.1 <= 8.7.1affected
curlcurl8.7.0 <= 8.7.0affected
curlcurl8.6.0 <= 8.6.0affected
curlcurl8.5.0 <= 8.5.0affected
curlcurl8.4.0 <= 8.4.0affected
curlcurl8.3.0 <= 8.3.0affected
curlcurl8.2.1 <= 8.2.1affected
curlcurl8.2.0 <= 8.2.0affected
curlcurl8.1.2 <= 8.1.2affected
curlcurl8.1.1 <= 8.1.1affected
curlcurl8.1.0 <= 8.1.0affected
curlcurl8.0.1 <= 8.0.1affected
curlcurl8.0.0 <= 8.0.0affected
curlcurl7.88.1 <= 7.88.1affected
curlcurl7.88.0 <= 7.88.0affected
curlcurl7.87.0 <= 7.87.0affected
curlcurl7.86.0 <= 7.86.0affected
curlcurl7.85.0 <= 7.85.0affected
curlcurl7.84.0 <= 7.84.0affected
curlcurl7.83.1 <= 7.83.1affected
curlcurl7.83.0 <= 7.83.0affected
curlcurl7.82.0 <= 7.82.0affected
curlcurl7.81.0 <= 7.81.0affected
curlcurl7.80.0 <= 7.80.0affected
curlcurl7.79.1 <= 7.79.1affected
curlcurl7.79.0 <= 7.79.0affected
curlcurl7.78.0 <= 7.78.0affected
curlcurl7.77.0 <= 7.77.0affected
curlcurl7.76.1 <= 7.76.1affected
curlcurl7.76.0 <= 7.76.0affected
curlcurl7.75.0 <= 7.75.0affected
curlcurl7.74.0 <= 7.74.0affected
curlcurl7.73.0 <= 7.73.0affected
curlcurl7.72.0 <= 7.72.0affected
curlcurl7.71.1 <= 7.71.1affected
curlcurl7.71.0 <= 7.71.0affected
curlcurl7.70.0 <= 7.70.0affected
curlcurl7.69.1 <= 7.69.1affected
curlcurl7.69.0 <= 7.69.0affected
curlcurl7.68.0 <= 7.68.0affected
curlcurl7.67.0 <= 7.67.0affected
curlcurl7.66.0 <= 7.66.0affected
curlcurl7.65.3 <= 7.65.3affected
curlcurl7.65.2 <= 7.65.2affected
curlcurl7.65.1 <= 7.65.1affected
curlcurl7.65.0 <= 7.65.0affected
curlcurl7.64.1 <= 7.64.1affected
curlcurl7.64.0 <= 7.64.0affected
curlcurl7.63.0 <= 7.63.0affected
curlcurl7.62.0 <= 7.62.0affected
curlcurl7.61.1 <= 7.61.1affected
curlcurl7.61.0 <= 7.61.0affected
curlcurl7.60.0 <= 7.60.0affected
curlcurl7.59.0 <= 7.59.0affected
curlcurl7.58.0 <= 7.58.0affected
curlcurl7.57.0 <= 7.57.0affected
curlcurl7.56.1 <= 7.56.1affected
curlcurl7.56.0 <= 7.56.0affected
curlcurl7.55.1 <= 7.55.1affected
curlcurl7.55.0 <= 7.55.0affected
curlcurl7.54.1 <= 7.54.1affected
curlcurl7.54.0 <= 7.54.0affected
curlcurl7.53.1 <= 7.53.1affected
curlcurl7.53.0 <= 7.53.0affected
curlcurl7.52.1 <= 7.52.1affected
curlcurl7.52.0 <= 7.52.0affected
curlcurl7.51.0 <= 7.51.0affected
curlcurl7.50.3 <= 7.50.3affected
curlcurl7.50.2 <= 7.50.2affected
curlcurl7.50.1 <= 7.50.1affected
curlcurl7.50.0 <= 7.50.0affected
curlcurl7.49.1 <= 7.49.1affected
curlcurl7.49.0 <= 7.49.0affected
curlcurl7.48.0 <= 7.48.0affected
curlcurl7.47.1 <= 7.47.1affected
curlcurl7.47.0 <= 7.47.0affected
curlcurl7.46.0 <= 7.46.0affected
curlcurl7.45.0 <= 7.45.0affected
curlcurl7.44.0 <= 7.44.0affected
curlcurl7.43.0 <= 7.43.0affected
curlcurl7.42.1 <= 7.42.1affected
curlcurl7.42.0 <= 7.42.0affected
curlcurl7.41.0 <= 7.41.0affected
curlcurl7.40.0 <= 7.40.0affected
curlcurl7.39.0 <= 7.39.0affected
curlcurl7.38.0 <= 7.38.0affected
curlcurl7.37.1 <= 7.37.1affected
curlcurl7.37.0 <= 7.37.0affected
curlcurl7.36.0 <= 7.36.0affected
curlcurl7.35.0 <= 7.35.0affected
curlcurl7.34.0 <= 7.34.0affected
curlcurl7.33.0 <= 7.33.0affected
curlcurl7.32.0 <= 7.32.0affected
curlcurl7.31.0 <= 7.31.0affected
curlcurl7.30.0 <= 7.30.0affected
curlcurl7.29.0 <= 7.29.0affected
curlcurl7.28.1 <= 7.28.1affected
curlcurl7.28.0 <= 7.28.0affected
curlcurl7.27.0 <= 7.27.0affected
curlcurl7.26.0 <= 7.26.0affected
curlcurl7.25.0 <= 7.25.0affected
curlcurl7.24.0 <= 7.24.0affected
curlcurl7.23.1 <= 7.23.1affected
curlcurl7.23.0 <= 7.23.0affected
curlcurl7.22.0 <= 7.22.0affected
curlcurl7.21.7 <= 7.21.7affected
curlcurl7.21.6 <= 7.21.6affected
curlcurl7.21.5 <= 7.21.5affected
curlcurl7.21.4 <= 7.21.4affected
curlcurl7.21.3 <= 7.21.3affected
curlcurl7.21.2 <= 7.21.2affected
curlcurl7.21.1 <= 7.21.1affected
curlcurl7.21.0 <= 7.21.0affected
curlcurl7.20.1 <= 7.20.1affected
curlcurl7.20.0 <= 7.20.0affected
curlcurl7.19.7 <= 7.19.7affected
curlcurl7.19.6 <= 7.19.6affected
curlcurl7.19.5 <= 7.19.5affected
curlcurl7.19.4 <= 7.19.4affected
curlcurl7.19.3 <= 7.19.3affected
curlcurl7.19.2 <= 7.19.2affected
curlcurl7.19.1 <= 7.19.1affected
curlcurl7.19.0 <= 7.19.0affected
curlcurl7.18.2 <= 7.18.2affected
curlcurl7.18.1 <= 7.18.1affected
curlcurl7.18.0 <= 7.18.0affected
curlcurl7.17.1 <= 7.17.1affected
curlcurl7.17.0 <= 7.17.0affected

Weaknesses

  • CWE-567 Unsynchronized Access to Shared Data in a Multi-threaded Context

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References