CVE-2025-0167

CVSS 3.1 Score 3.4 of 10 (low)

Details

Published Feb 5, 2025

Updated: Feb 6, 2025

Summary

CVE-2025-0167 is a vulnerability affecting curl, a widely-used command-line tool for transferring data. Under specific conditions, when curl is instructed to use a `.netrc` file for credentials and follow HTTP redirects, the tool may inadvertently disclose the password used for the initial host to the redirected host. This issue only arises if the `.netrc` file contains a `default` entry that omits both login and password information, making this a relatively uncommon scenario.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Haxx Curl

Affected Vendors

Haxx

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2EzHsZ
https://www.cve.org/CVERecord?id=CVE-2025-0167
https://nvd.nist.gov/vuln/detail/CVE-2025-0167

Back to Vulnerability Database