Unrated severityOSV Advisory· Published Jan 8, 2026· Updated Apr 30, 2026

broken TLS options for threaded LDAPS

CVE-2025-14017

Description

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers.

Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

Affected products

Curl/CurlOSV
Range: curl-7_17_0, curl-7_17_0-preldapfix, curl-7_17_1, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

curl.se/docs/CVE-2025-14017.htmlmitre
curl.se/docs/CVE-2025-14017.jsonmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000