CVE-2025-0167

ℹ️ low

Summary

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.

CVSS Score

3.4

Low

EPSS Score

0.2

Exploit Probability

Published Date

2025-02-05

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 2.8% of all 329,456 vulnerabilities in our database.

#320,235

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Feb 5, 2025

🔍 Exploitation Status

Poc

Proof-of-concept available

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

🏆 Discovered By

Yihang Zhou Daniel Stenberg (remediation developer)

SSVC data provided by CISA

Last Modified 2025-07-30

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

📦 Affected Products 16

Vendor	Product	Status	Affected Versions
haxx	curl	Affected	≥ 7.76.0 < 8.12.0
netapp	ontap_select_deploy_administration_utility	Affected	v-
netapp	element_software	Affected	v-
netapp	h610s_firmware	Affected	v-
netapp	solidfire_\&_hci_management_node	Affected	v-
netapp	h300s_firmware	Affected	v-
netapp	h410c_firmware	Affected	v-
netapp	h410s_firmware	Affected	v-
netapp	h500s_firmware	Affected	v-
netapp	h700s_firmware	Affected	v-
netapp	solidfire_\&_hci_storage_node	Affected	v-
netapp	h610c_firmware	Affected	v-
netapp	h615c_firmware	Affected	v-
netapp	ontap_tools	Affected	v9
netapp	bootstrap_os	Affected	v-
netapp	ontap	Affected	v9

🔗 References 4

https://curl.se/docs/CVE-2025-0167.html

Vendor Advisory

https://curl.se/docs/CVE-2025-0167.json

Vendor Advisory

https://hackerone.com/reports/2917232

Exploit Issue Tracking Third Party Advisory

https://security.netapp.com/advisory/ntap-20250306-0...

Third Party Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-4873	🔶 medium	5.9	0.0	A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the s...	2026-05-13
CVE-2026-6253	🔶 medium	5.9	0.0	curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following cond...	2026-05-13
CVE-2026-6276	⚠️ high	7.5	0.0	Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done u...	2026-05-13
CVE-2026-6429	🔶 medium	5.3	0.0	When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password use...	2026-05-13
CVE-2026-7009	🔶 medium	5.3	0.0	When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify t...	2026-05-13
CVE-2026-7168	🔶 medium	5.3	0.1	Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with Digest authentication and the...	2026-05-13

These CVEs affect the same products