CVE-2025-14819 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
haxx	curl	7.87.0 ≤ 𝑥 < 8.18.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

curl

bookworm	no-dsa
bookworm (security)	vulnerable
bullseye	7.74.0-1.3+deb11u13 fixed
bullseye (security)	7.74.0-1.3+deb11u16 fixed
forky	8.19.0-3 fixed
sid	8.19.0-3 fixed
trixie	no-dsa

Common Weakness Enumeration

CWE-295 - Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate.

Vulnerability Media Exposure

[ENGLISH] ⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there. One weak spot now spreads wider than before. What starts small can reach a lot of systems fast. New bugs, faster use, less time to react. That’s this week. Read&
Published: 2026-04-06T18:16:00+05:30

References

https://curl.se/docs/CVE-2025-14819.html

https://curl.se/docs/CVE-2025-14819.json

http://www.openwall.com/lists/oss-security/2026/01/07/5