Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by setting `email_err_data off` in squid.conf.
{
"cwe_ids": [
"CWE-209",
"CWE-550"
]
}[
{
"digest": {
"length": 519.0,
"function_hash": "327777053511069614100768595447467169557"
},
"target": {
"file": "src/client_side_reply.cc",
"function": "clientReplyContext::traceReply"
},
"signature_version": "v1",
"id": "CVE-2025-62168-0626ac7e",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f"
},
{
"digest": {
"length": 6766.0,
"function_hash": "223393699816959158153041716773649096081"
},
"target": {
"file": "src/errorpage.cc",
"function": "ErrorState::compileLegacyCode"
},
"signature_version": "v1",
"id": "CVE-2025-62168-06b18bf1",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"330079626216983299346319282789588783393",
"99536952372208532581533763674629013439",
"84464677960065060430487142461920381007",
"189422918959754237161340880122934813379",
"334676105343781249739851979182455721899",
"161960470368651605046960689044185620012",
"82337303492731924333263763390494726976",
"16617751422924729520036878086927693091",
"125273514181046216235845047567827882917",
"197986916738101401788913218546595376877",
"195683800932925076744946768351203205823",
"89500157157634256682350323965279218791",
"223224762111926895939179438283809802355",
"318804591450246526461169288817516739930",
"124797948367594300721061304620897118022",
"315412529450819247568495619715473999582",
"251752150260384581782488549897792607777",
"288048714456402902670763645807465336534"
]
},
"target": {
"file": "src/client_side_reply.cc"
},
"signature_version": "v1",
"id": "CVE-2025-62168-0f4afcb1",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"48249970213127052476692123339404249387",
"23210683955670495681813925940210783768",
"31410642863208108351657732069860153360",
"21750396420790169326381846951660026255"
]
},
"target": {
"file": "src/HttpRequest.h"
},
"signature_version": "v1",
"id": "CVE-2025-62168-1609a26c",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f"
},
{
"digest": {
"length": 1451.0,
"function_hash": "296994947859421361316567431556731963747"
},
"target": {
"file": "src/errorpage.cc",
"function": "ErrorState::Dump"
},
"signature_version": "v1",
"id": "CVE-2025-62168-23b8062a",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f"
},
{
"digest": {
"length": 320.0,
"function_hash": "306257554989896350600461858124452392608"
},
"target": {
"file": "src/HttpRequest.cc",
"function": "HttpRequest::pack"
},
"signature_version": "v1",
"id": "CVE-2025-62168-2cc84e10",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"272973159026035672876319060740702432136",
"275567706527222419870904455846139545512",
"182476390616691418709371087849344885",
"14175472231678874213252500129668194514",
"132606143200006266908282491039648670432",
"317390686196317057267930904157428759091",
"107728487872652795674991630616869168080",
"204342284197145843353369149636606796514",
"147051383532699138001766067756230264668",
"196416326470648265569878806786004517314",
"91499281048218063695817353562112862267",
"259660261571930952660586771733579124347",
"332297868249297743121564335921123091610",
"15240647121118551685026373237294752037",
"254045675033858377989629266106479233859",
"292164418073743176844906936340783295965",
"318214153731623090490923765147276298280",
"81413023514986186690823167093550271853",
"111495361489110509256356200806299923880",
"178572140369819662473714958058366662585",
"55677179894432956756970986458270807170",
"243749876232182947922257577827246724584",
"304104966907259142416953967993479777888"
]
},
"target": {
"file": "src/errorpage.cc"
},
"signature_version": "v1",
"id": "CVE-2025-62168-52bd77ac",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"319628864638996233576040037683439836068",
"235689941047998612515554073966651476498",
"157821449190967625544281066808262964558",
"286138395319723657978434809546053764065"
]
},
"target": {
"file": "src/tests/stub_HttpRequest.cc"
},
"signature_version": "v1",
"id": "CVE-2025-62168-7264ca6d",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f"
},
{
"digest": {
"length": 440.0,
"function_hash": "319525920836719022175801197013059394515"
},
"target": {
"file": "src/errorpage.cc",
"function": "ErrorState::~ErrorState"
},
"signature_version": "v1",
"id": "CVE-2025-62168-98ad54a3",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"234319771326960497305858262692665464581",
"313900222983792197615514199201858887582",
"7051046443802222357711021471833530143",
"130357362660381162472516289331575203400"
]
},
"target": {
"file": "src/errorpage.h"
},
"signature_version": "v1",
"id": "CVE-2025-62168-dea9b74b",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"93816443296761512862670098502667722492",
"54915514561115145443806135933830514105",
"244088937199770750281711899065074353911",
"164967647240795652974566680634868295484",
"113149346552744538682618741743081408310",
"279531468366383736788411606699547275014",
"155586136457317076102712412659773568376",
"275051774967319523081495527395460721115"
]
},
"target": {
"file": "src/HttpRequest.cc"
},
"signature_version": "v1",
"id": "CVE-2025-62168-e4abf7f3",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f"
}
]