CVE Vulnerabilities

CVE-2025-0167

Published: Feb 05, 2025 | Modified: Jul 30, 2025
CVSS 3.x: N/A (Source: NVD)
Ubuntu: LOW

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has a default entry that omits both login and password, which is a rare circumstance.
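To check whether a given .netrc has the shape described above, the following added example (not code from curl or from this advisory) parses the file and reports any default entry that has neither a login nor a password. The function names and sample file contents are constructed for illustration, and the parser assumes whitespace-separated tokens, "#" comment lines and macdef bodies that end at a blank line.

```python
import sys

KEYS_WITH_VALUE = {"login", "password", "account"}


def parse_netrc(text):
    """Return entries as {'host': name, or None for default, 'fields': {...}}."""
    entries, current = [], None
    lines = iter(text.splitlines())
    for line in lines:
        stripped = line.strip()
        if stripped.startswith("#"):          # whole-line comment
            continue
        tokens = iter(stripped.split())
        for tok in tokens:
            if tok == "machine":
                current = {"host": next(tokens, ""), "fields": {}}
                entries.append(current)
            elif tok == "default":
                current = {"host": None, "fields": {}}
                entries.append(current)
            elif tok in KEYS_WITH_VALUE and current is not None:
                current["fields"][tok] = next(tokens, "")
            elif tok == "macdef":
                for body in lines:            # skip macro body up to a blank line
                    if not body.strip():
                        break
                break
    return entries


def risky_default_entries(text):
    """Default entries that omit both login and password (the advisory's condition)."""
    return [e for e in parse_netrc(text)
            if e["host"] is None
            and "login" not in e["fields"]
            and "password" not in e["fields"]]


# Constructed sample inputs, not taken from any real system.
SAMPLE_FLAGGED = "machine a.example login alice password constructed-pw\ndefault\n"
SAMPLE_OK = ("machine a.example login alice password constructed-pw\n"
             "default login anonymous password user@example.invalid\n")

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], encoding="utf-8") as fh:
        hits = risky_default_entries(fh.read())
    print("bare default entry present" if hits else "no bare default entry")
    sys.exit(1 if hits else 0)
```

A file that is flagged only matters when the installed curl falls in the affected range listed below and is used with both netrc credentials and redirect following.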

Affected Software

Name   Vendor   Start Version        End Version
Curl   Haxx     7.76.0 (including)   8.12.0 (excluding)
Curl   Ubuntu   jammy                *
Curl   Ubuntu   noble                *
Curl   Ubuntu   oracular             *
Curl   Ubuntu   upstream             *
