new file mode 100644
@@ -0,0 +1,33 @@
+From 1a822275d333dc6da6043497160fd04c8fa48640 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 10 Dec 2025 11:40:47 +0100
+Subject: [PATCH] curl_sasl: if redirected, require permission to use bearer
+
+Closes #19933
+
+Upstream-Status: Backport [import from ubuntu curl_7.81.0-1ubuntu1.23.debian.tar.xz
+Upstream commit https://github.com/curl/curl/commit/1a822275d333dc6da6043497160fd04c8fa48640]
+CVE: CVE-2025-14524
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ lib/curl_sasl.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
+index 7e28c92..ed9ca96 100644
+--- a/lib/curl_sasl.c
++++ b/lib/curl_sasl.c
+@@ -531,7 +531,9 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
+ data->set.str[STRING_SERVICE_NAME] :
+ sasl->params->service;
+ #endif
+- const char *oauth_bearer = data->set.str[STRING_BEARER];
++ const char *oauth_bearer =
++ (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ?
++ data->set.str[STRING_BEARER] : NULL;
+ struct bufref serverdata;
+
+ Curl_bufref_init(&serverdata);
+--
+2.25.1
+
@@ -70,6 +70,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2025-14017.patch \
file://CVE-2025-15079.patch \
file://CVE-2025-15224.patch \
+ file://CVE-2025-14524.patch \
"
SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"