#curl 8.18.0 has been released. This release fixes 1 medium and 5 low level vulnerabilities:
- CVE-2025-14017: broken TLS options for threaded LDAPS
- CVE-2025-14524: bearer token leak on cross-protocol redirect
- CVE-2025-14819: OpenSSL partial chain store policy bypass
- CVE-2025-15079: libssh global knownhost override
- CVE-2025-15224: libssh key passphrase bypass without agent set
I discovered the last 2 vulnerabilities.
Download curl 8.18.0 from
#vulnerabilityresearch #vulnerability #cybersecurity #infosec
curl - broken TLS options for threaded LDAPS - CVE-2025-14017
curl - bearer token leak on cross-protocol redirect - CVE-2025-14524
curl - OpenSSL partial chain store policy bypass - CVE-2025-14819
curl - libssh global known_hosts override - CVE-2025-15079
curl - libssh key passphrase bypass without agent set - CVE-2025-15224
curl - Download