CVE-2025-62168
BaseFortify

Publication date: 2025-10-17

Last updated on: 2025-11-05

Assigner: GitHub, Inc.

Description
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.
Affected Vendors & Products
Vendor        Product   Version / Range
squid-cache   squid     all versions before 7.2 (7.2 itself is not affected)
CWE ID    Name                                                             Description
CWE-550   Server-generated Error Message Containing Sensitive Information  Certain conditions, such as network failure, will cause a server error message to be displayed.
CWE-209   Generation of Error Message Containing Sensitive Information     The product generates an error message that includes sensitive information about its environment, users, or associated data.
Executive Summary

Squid versions before 7.2 fail to redact HTTP authentication credentials when building error pages: the debug data Squid embeds in the cache-administrator mailto link of its error pages can carry the credentials a trusted client sent with the failed request. A script that can read such an error page is therefore able to bypass the browser protections that would normally keep those credentials out of its reach and recover them.

Impact Analysis

The result is information disclosure: a remote client can learn security tokens or credentials used internally by a web application that fronts its backends with Squid (for example, for load balancing). Squid does not need to be configured for HTTP authentication; credentials carried in requests that pass through the proxy are enough. Exposing them to parties that should never see them undermines the authentication the application relies on.

Mitigation Strategies

Upgrade Squid to 7.2 or later; that is the fix. Until the upgrade is in place, disable the request debug data in the administrator mailto links by setting email_err_data off in squid.conf and reloading Squid (squid -k reconfigure). Note that email_err_data is enabled by default, so the workaround has to be set explicitly; an absent directive means it is on. Distribution packages may also carry the fix under an older version number, so check the package changelog rather than trusting the version string alone.
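The two conditions named in the Description and in the mitigation above (a Squid build before 7.2, and email_err_data left at its default of on) can be checked mechanically. The following is an added example written for this page, not Squid project code: it parses the version token from the first line of squid -v output and reads the effective email_err_data value from a squid.conf text, treating the last occurrence as authoritative and an absent directive as on. The version banner and the two squid.conf fragments are constructed for illustration, and the cache_mgr address is a placeholder.

```python
"""Assess a Squid deployment for exposure to CVE-2025-62168.

Checks, both taken from the advisory text:
  1. Version: every Squid release before 7.2 is affected.
  2. Workaround: 'email_err_data off' in squid.conf removes the request
     debug data from error-page mailto links. Squid's default is 'on',
     so a config that never mentions the directive has NOT applied it.

Added example for this CVE page, not code from the Squid project.
"""
import re
from typing import Optional, Tuple

FIXED_VERSION = (7, 2)


def parse_squid_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Extract (major, minor[, patch]) from a line such as
    'Squid Cache: Version 6.10'. Only the 'Version X.Y[.Z]' token is used,
    so build-specific suffixes in a real banner do not matter."""
    m = re.search(r"Version\s+(\d+)\.(\d+)(?:\.(\d+))?", banner)
    if not m:
        return None
    return tuple(int(g) for g in m.groups() if g is not None)


def version_is_affected(version: Tuple[int, ...]) -> bool:
    """True when major.minor is strictly below 7.2 (7.2 is the fixed release)."""
    return tuple(version[:2]) < FIXED_VERSION


def effective_email_err_data(conf_text: str) -> bool:
    """Return the effective email_err_data setting (True means on).

    '#' starts a comment; the last occurrence of the directive wins; an
    absent directive yields the documented default of 'on'. Squid accepts
    on/enable and off/disable for this directive; anything else would be
    rejected by Squid, so it is treated conservatively as 'on' here.
    """
    value = True
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0].lower() == "email_err_data" and len(parts) >= 2:
            token = parts[1].lower()
            if token in ("off", "disable"):
                value = False
            else:
                value = True
    return value


def assess(banner: str, conf_text: str) -> dict:
    """Combine both checks. An unparseable version is treated as affected."""
    version = parse_squid_version(banner)
    affected_version = version is None or version_is_affected(version)
    debug_in_mailto = effective_email_err_data(conf_text)
    return {
        "version": version,
        "affected_version": affected_version,
        "email_err_data_on": debug_in_mailto,
        # Exposed only when running an affected build AND the workaround is absent.
        "exposed": affected_version and debug_in_mailto,
    }


# Constructed sample inputs (not captured from a real system).
SAMPLE_BANNER = "Squid Cache: Version 6.10"
SAMPLE_CONF_BEFORE = """\
http_port 3128
cache_mgr webmaster@example.invalid   # address used in error-page mailto links
# email_err_data is not set, so it defaults to 'on': debug data is still emitted
"""
SAMPLE_CONF_AFTER = SAMPLE_CONF_BEFORE + "email_err_data off\n"

if __name__ == "__main__":
    for label, conf in (("before", SAMPLE_CONF_BEFORE), ("after", SAMPLE_CONF_AFTER)):
        print(label, assess(SAMPLE_BANNER, conf))
```

Run it against the real output of squid -v and the real squid.conf (remembering that squid.conf may include other files via the include directive, which this reader does not follow). A verdict of exposed means both conditions hold; a build at 7.2 or later clears the version check regardless of the directive, and a backported distribution fix will not be recognized by the version string alone.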
