Skip to main content

TLS CVE-2025-14819

MEDIUM
Improper Certificate Validation (CWE-295)
2026-01-08 2499f714-1537-4658-8207-48ae4bb9eae9
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
SUSE
MEDIUM
qualitative
Red Hat
6.8 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
Patch released
Jan 20, 2026 - 14:51 nvd
Patch available
CVE Published
Jan 08, 2026 - 10:15 nvd
MEDIUM 5.3

DescriptionCVE.org

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

AnalysisAI

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. [CVSS 5.3 MEDIUM]

Technical ContextAI

Classified as CWE-295 (Improper Certificate Validation). Affects Curl. When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

RemediationAI

A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.

More in TLS

View all
CVE-2026-27180 CRITICAL POC
9.8 Feb 18

MajorDoMo home automation platform is vulnerable to unauthenticated remote code execution through supply chain compromis

CVE-2026-27944 CRITICAL POC
9.8 Mar 05

Unauthenticated backup download and RCE in Nginx UI before 2.3.3. EPSS 1.0%. PoC available.

CVE-2026-27590 CRITICAL POC
9.8 Feb 24

FastCGI path splitting vulnerability in Caddy before 2.11.1 allows request smuggling or path confusion when proxying to

CVE-2026-27586 CRITICAL POC
9.1 Feb 24

TLS error swallowing in Caddy web server before 2.11.1 allows bypassing client certificate authentication. Errors in Cli

CVE-2026-27588 CRITICAL POC
9.1 Feb 24

Host header case sensitivity bypass in Caddy before 2.11.1. Virtual host routing can be bypassed by using alternate casi

CVE-2026-27587 CRITICAL POC
9.1 Feb 24

Case sensitivity bypass in Caddy web server path matching before 2.11.1. HTTP path matchers can be bypassed using altern

CVE-2026-25160 CRITICAL POC
9.1 Feb 04

Alist file manager has an improper certificate validation vulnerability allowing MITM attacks that could compromise file

CVE-2026-30851 HIGH POC
8.1 Mar 07

Caddy versions 2.10.0 through 2.11.1 fail to strip client-supplied headers in the forward_auth copy_headers directive, e

CVE-2022-40620 HIGH POC
7.7 Jan 28

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS ce

CVE-2026-30852 HIGH POC
7.5 Mar 07

Caddy versions 2.7.5 through 2.11.1 contain a template injection vulnerability in the vars_regexp matcher that allows re

CVE-2026-25961 HIGH POC
7.5 Feb 09

SumatraPDF versions 3.5.0 through 3.5.2 fail to validate TLS certificates during software updates and execute installers

CVE-2025-68133 HIGH POC
7.4 Jan 21

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container private-registry/harbor-trivy-adapter:1.1.0-1.7 Container suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api:5.1.2.8.13.1 Container suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:5.1.2.8.13.1 Container suse/multi-linux-manager/5.1/x86_64/server-postgresql:5.1.2.6.13.1 Container suse/multi-linux-manager/5.1/x86_64/server-saline:5.1.2.9.13.1 Image pr_15_7 Image proxy-salt-broker-image Image server-database-migration-image Image server-hub-xmlrpc-api-image Image server-migration-14-16-image Image server-postgresql-image Image server-saline-image Affected
Container suse/ltss/sle12.5/sles12sp5:8.5.174 Image SLES12-SP5-EC2-ECS-On-Demand Affected
Container suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.25 Container suse/manager/4.3/proxy-salt-broker:4.3.16.2.9.63.26 Container suse/sle-micro/base-5.5:2.0.4-5.8.240 Image SLES15-SP4-BYOS Image SLES15-SP4-BYOS-EC2 Image SLES15-SP4-HPC-BYOS Image SLES15-SP4-HPC-BYOS-EC2 Image SLES15-SP4-HPC-EC2 Image SLES15-SP4-Hardened-BYOS Image SLES15-SP4-Hardened-BYOS-EC2 Image SLES15-SP4-SAP-BYOS Image SLES15-SP4-SAP-BYOS-EC2 Image SLES15-SP4-SAP-Hardened-BYOS Image SLES15-SP4-SAP-Hardened-BYOS-EC2 Image SLES15-SP5-BYOS-EC2 Image SLES15-SP5-HPC-BYOS-EC2 Image SLES15-SP5-Hardened-BYOS-EC2 Image SLES15-SP5-SAP-BYOS-EC2 Image SLES15-SP5-SAP-Hardened-BYOS-EC2 Affected
Container suse/manager/5.0/x86_64/proxy-httpd:latest Container suse/manager/5.0/x86_64/proxy-salt-broker:latest Container suse/manager/5.0/x86_64/server:latest Image SLES15-SP6 Image SLES15-SP6-Azure-3P Image SLES15-SP6-Azure-Basic Image SLES15-SP6-Azure-Standard Image SLES15-SP6-BYOS Image SLES15-SP6-BYOS-Azure Image SLES15-SP6-BYOS-EC2 Image SLES15-SP6-BYOS-GCE Image SLES15-SP6-CHOST-BYOS Image SLES15-SP6-CHOST-BYOS-Azure Image SLES15-SP6-CHOST-BYOS-EC2 Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP6-EC2 Image SLES15-SP6-EC2-ECS-HVM Image SLES15-SP6-GCE Image SLES15-SP6-HPC Image SLES15-SP6-HPC-Azure Image SLES15-SP6-HPC-BYOS Image SLES15-SP6-HPC-BYOS-Azure Image SLES15-SP6-HPC-BYOS-EC2 Image SLES15-SP6-HPC-BYOS-GCE Image SLES15-SP6-HPC-EC2 Image SLES15-SP6-HPC-GCE Image SLES15-SP6-Hardened-BYOS Image SLES15-SP6-Hardened-BYOS-Azure Image SLES15-SP6-Hardened-BYOS-EC2 Image SLES15-SP6-Hardened-BYOS-GCE Image SLES15-SP6-SAP-Azure-3P Image SLES15-SP6-SAP-Azure-LI-BYOS Image SLES15-SP6-SAP-Azure-LI-BYOS-Production Image SLES15-SP6-SAP-Azure-VLI-BYOS Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production Image SLES15-SP6-SAP-BYOS Image SLES15-SP6-SAP-BYOS-Azure Image SLES15-SP6-SAP-BYOS-EC2 Image SLES15-SP6-SAP-BYOS-GCE Image SLES15-SP6-SAP-Hardened Image SLES15-SP6-SAP-Hardened-Azure Image SLES15-SP6-SAP-Hardened-BYOS Image SLES15-SP6-SAP-Hardened-BYOS-Azure Image SLES15-SP6-SAP-Hardened-BYOS-EC2 Image SLES15-SP6-SAP-Hardened-BYOS-GCE Image SLES15-SP6-SAP-Hardened-EC2 Image SLES15-SP6-SAP-Hardened-GCE Affected
Container suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest Container suse/manager/5.0/x86_64/server-migration-14-16:latest Image SLES15-SP6-CHOST-BYOS-Aliyun Image SLES15-SP6-CHOST-BYOS-GDC Image SLES15-SP6-CHOST-BYOS-SAP-CCloud Affected

Share

CVE-2025-14819 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy