CVE-2025-0167
Published 2025-02-05
Severity: low, 3.4 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
When asked to use a `.netrc` file for credentials **and** to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.
This flaw only manifests itself if the netrc file has a `default` entry that
omits both login and password. A rare circumstance.
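A check for the precondition described above, as an added example that is not code from the curl project or from this advisory: it flags a netrc file whose `default` entry sets neither `login` nor `password`. The whitespace tokenizer is a simplification (an assumption: quoted values are not handled), and the sample file contents are constructed.

```python
# Constructed sample .netrc contents (not taken from the advisory).
SAMPLE_RISKY = """\
machine a.example login alice password s3cret
default
"""
SAMPLE_OK = """\
machine a.example login alice password s3cret
default login anonymous password user@example
"""

def tokens(text):
    """Yield netrc tokens, skipping '#' comment lines and macdef bodies."""
    lines = iter(text.splitlines())
    for line in lines:
        if line.lstrip().startswith("#"):
            continue
        for word in line.split():
            if word == "macdef":
                # A macro body runs until the next blank line; skip it whole.
                for body in lines:
                    if not body.strip():
                        break
                break
            yield word

def entries(text):
    """Group tokens into (name, fields) entries; 'default' has name None."""
    result, current, toks = [], None, tokens(text)
    for tok in toks:
        if tok == "machine":
            current = (next(toks, ""), {})
            result.append(current)
        elif tok == "default":
            current = (None, {})
            result.append(current)
        elif tok in ("login", "password", "account") and current is not None:
            current[1][tok] = next(toks, "")
    return result

def has_bare_default(text):
    """True if a 'default' entry sets neither login nor password."""
    return any(name is None and "login" not in fields and "password" not in fields
               for name, fields in entries(text))

if __name__ == "__main__":
    for label, sample in (("risky", SAMPLE_RISKY), ("ok", SAMPLE_OK)):
        print(label, has_bare_default(sample))
```
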
Affected
64 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| curl | curl | 7.76.0 – 7.76.0 | — |
| curl | curl | 7.76.1 – 7.76.1 | — |
| curl | curl | 7.77.0 – 7.77.0 | — |
| curl | curl | 7.78.0 – 7.78.0 | — |
| curl | curl | 7.79.0 – 7.79.0 | — |
| curl | curl | 7.79.1 – 7.79.1 | — |
| curl | curl | 7.80.0 – 7.80.0 | — |
| curl | curl | 7.81.0 – 7.81.0 | — |
| curl | curl | 7.82.0 – 7.82.0 | — |
| curl | curl | 7.83.0 – 7.83.0 | — |
| curl | curl | 7.83.1 – 7.83.1 | — |
| curl | curl | 7.84.0 – 7.84.0 | — |
| curl | curl | 7.85.0 – 7.85.0 | — |
| curl | curl | 7.86.0 – 7.86.0 | — |
| curl | curl | 7.87.0 – 7.87.0 | — |
| curl | curl | 7.88.0 – 7.88.0 | — |
| curl | curl | 7.88.1 – 7.88.1 | — |
| curl | curl | 8.0.0 – 8.0.0 | — |
| curl | curl | 8.0.1 – 8.0.1 | — |
| curl | curl | 8.1.0 – 8.1.0 | — |
| curl | curl | 8.1.1 – 8.1.1 | — |
| curl | curl | 8.1.2 – 8.1.2 | — |
| curl | curl | 8.10.0 – 8.10.0 | — |
| curl | curl | 8.10.1 – 8.10.1 | — |
| curl | curl | 8.11.0 – 8.11.0 | — |
CVSS provenance
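| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 3.4 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N |
| osv | — | 3.4 | LOW | — |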