AZL-74207

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74207.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-74207

Upstream

CVE-2025-14524

Published

2026-01-08T10:15:46Z

Modified

2026-04-01T05:22:42.088104Z

Summary

CVE-2025-14524 affecting package cmake 3.30.3-11

Details

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-14524

Affected packages

Azure Linux:3 / cmake

Package

Name: cmake
Purl: pkg:rpm/azure-linux/cmake

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.30.3-11

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74207.json"