Vulnerability CVE-2025-14017: Information

Description

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

Severity: MEDIUM (6.3)
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
URL: https://nvd.nist.gov/vuln/detail/CVE-2025-14017
Published: Jan. 8, 2026
Modified: Jan. 16, 2026

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
curlsisyphus8.18.0-alt18.18.0-alt1ALT-PU-2026-1133-1404633Fixed
curlsisyphus_riscv648.18.0-alt18.18.0-alt1ALT-PU-2026-1147-1-Fixed
curlsisyphus_loongarch648.18.0-alt18.18.0-alt1ALT-PU-2026-1153-1-Fixed
curlp118.18.0-alt18.18.0-alt1ALT-PU-2026-1135-2404638Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://curl.se/docs/CVE-2025-14017.html
    https://curl.se/docs/CVE-2025-14017.json
      http://www.openwall.com/lists/oss-security/2026/01/07/3
        VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
        Version: v25.10.0
        Back to top