AZL-74192

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74192.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-74192

Upstream

CVE-2025-14524

Published

2026-01-08T10:15:46Z

Modified

2026-04-01T05:22:21.777268Z

Summary

CVE-2025-14524 affecting package cmake 3.21.4-21

Details

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-14524

Affected packages

Azure Linux:2 / cmake

Package

Name: cmake
Purl: pkg:rpm/azure-linux/cmake

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.21.4-21

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74192.json"