All vulnerabilities
CVE-2025-0167
netrc and default credential leak
Description
When asked to use a .netrc file for credentials and to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.
This flaw only manifests itself if the netrc file has a default entry that
omits both login and password. A rare circumstance.
Patch Available
Fix available through Seal Security.
No upgrade required, protect your application instantly.
Fix without upgrading
Score
3.4
Severity
Low
Ecosystem
APT
Publish Date
February 5, 2025
Modified Date
May 26, 2026
Score Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Affected Versions
