CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-0167: netrc and default credential leak

Description

When asked to use a `.netrc` file for credentials **and** to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has a `default` entry that
omits both login and password. A rare circumstance.

Classification

CVE ID: CVE-2025-0167

Affected Products

Vendor: curl

Product: curl

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.33% (scored less or equal to compared to others)

EPSS Date: 2025-03-06 (when was this score calculated)

References

https://curl.se/docs/CVE-2025-0167.json
https://curl.se/docs/CVE-2025-0167.html
https://hackerone.com/reports/2917232

Timeline

2025-02-06 00:30:15 UTC
CVE

netrc and default credential leak
2025-04-01 10:15:24 UTC
Tenable Plugins

EulerOS 2.0 SP13 : curl (EulerOS-SA-2025-1330)
2025-04-01 10:15:25 UTC
Tenable Plugins

EulerOS 2.0 SP13 : curl (EulerOS-SA-2025-1313)
2025-04-14 06:00:41 UTC
Tenable Plugins

Azure Linux 3.0 Security Update: curl (CVE-2025-0167)
2025-04-14 06:00:42 UTC
Tenable Plugins

CBL Mariner 2.0 Security Update: curl (CVE-2025-0167)