VDB
DEBIAN-CVE-2025-0167
DEBIAN-CVE-2025-0167
PUBLISHED
CVSS 3.4000000953674316 LOW
When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.
Risk Scores
CVSS 3.1
3.4000000953674316
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | curl | 0, 0 |
| Debian:13 | curl | 0, 0 |
| Debian:12 | curl | 7.88.1-10+deb12u3, 7.88.1-10+deb12u3~bpo11+1, 7.88.1-10+deb12u4 |
Exploit Intelligence
- test_scrapers.py (github-poc)
Timeline
- Feb 5, 2025 CVE Published
- Apr 28, 2026 CVE Updated