CVE-2025-14017 in the Identity Manager Provisioning Server library libcurl.so.4.4.0

Article ID: 434788

Products

CA Identity Suite

CA Identity Manager

Issue/Introduction

A security vulnerability scanner identifies CVE-2025-14017 in the Identity Manager Provisioning Server library libcurl.so.4.4.0.

Environment

Identity Manager 14.5.1

JBOSS - 7.4

RHEL 8

Cause

The exploit for CVE-2025-14017 requires an application to perform concurrent LDAPS transfers in a multi-threaded environment while dynamically changing TLS options.

Resolution

The Identity Manager Provisioning Server (IMPS) is not affected and cannot be exploited by this vulnerability because of its specific implementation of libcurl:

  1. Limited Scope: IMPS utilizes libcurl.so exclusively for HTTP/HTTPS POST calls to the Identity Management Server (IMS).
  2. Thread Model: IMPS processes inbound notifications using a single-threaded connection.
  3. LDAP Implementation: IMPS does not utilize libcurl for LDAP or LDAPS operations.

No remediation steps, library replacements, or upgrades are required for Identity Manager to address
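
When triaging the scanner finding, one supplementary check is to ask the flagged library build itself which protocols it was compiled with, using libcurl's `curl_version_info()`. The following is an added example, not code from this article or from the product; the library path is passed on the command line, and the function names `read_build_info`, `ldap_schemes` and `summarize` are hypothetical.

```python
import ctypes
import sys


class CurlVersionInfo(ctypes.Structure):
    # Leading fields of libcurl's curl_version_info_data (struct age 0).
    # Only read through a pointer, so later fields can be omitted.
    _fields_ = [
        ("age", ctypes.c_int),
        ("version", ctypes.c_char_p),
        ("version_num", ctypes.c_uint),
        ("host", ctypes.c_char_p),
        ("features", ctypes.c_int),
        ("ssl_version", ctypes.c_char_p),
        ("ssl_version_num", ctypes.c_long),
        ("libz_version", ctypes.c_char_p),
        ("protocols", ctypes.POINTER(ctypes.c_char_p)),
    ]


def read_build_info(lib_path):
    """Load the given libcurl and return (version, [protocol names])."""
    lib = ctypes.CDLL(lib_path)
    lib.curl_version_info.restype = ctypes.POINTER(CurlVersionInfo)
    lib.curl_version_info.argtypes = [ctypes.c_int]
    info = lib.curl_version_info(0).contents  # 0 = oldest struct age
    protocols, i = [], 0
    while info.protocols[i] is not None:  # NULL-terminated array
        protocols.append(info.protocols[i].decode())
        i += 1
    return info.version.decode(), protocols


def ldap_schemes(protocols):
    """Return the LDAP-family schemes present in a protocol list."""
    return sorted(p.lower() for p in protocols if p.lower() in ("ldap", "ldaps"))


def summarize(version, protocols):
    found = ldap_schemes(protocols)
    if found:
        return f"libcurl {version}: built with {', '.join(found)}; rely on application usage analysis"
    return f"libcurl {version}: no LDAP/LDAPS support compiled in"


if __name__ == "__main__":
    # Path is supplied by the operator, e.g. the libcurl.so.4.4.0 the scanner flagged.
    print(summarize(*read_build_info(sys.argv[1])))
```

A build that lists `ldap` or `ldaps` only shows that the code is present in the library; whether the application ever issues such transfers is the question the points above answer.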