CVE-2025-62168
BaseFortify
Publication date: 2025-10-17
Last updated on: 2025-11-05
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| squid-cache | squid | all versions before 7.2 (7.2 excluded) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
| CWE-550 | Certain conditions, such as network failure, will cause a server error message to be displayed. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Squid versions prior to 7.2 involves a failure to redact HTTP authentication credentials in error handling. It allows a script to bypass browser security protections and obtain the credentials a trusted client uses to authenticate. This means an attacker can potentially learn sensitive authentication information that should be protected.
How can this vulnerability impact me?
The vulnerability can lead to information disclosure where a remote client can identify security tokens or credentials used internally by a web application that uses Squid for backend load balancing. This can compromise the security of the application by exposing authentication credentials to unauthorized parties.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, upgrade Squid to version 7.2 or later. As a workaround, disable debug information in administrator mailto links generated by Squid by adding the configuration directive 'email_err_data off' to your squid.conf file.
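The workaround above hinges on one squid.conf directive, and a quick way to verify it across a fleet is to read the effective setting out of each configuration file. The POSIX shell script below is an added example written for this page, not code from BaseFortify or the Squid project. It assumes that the last uncommented `email_err_data` line wins and that the directive defaults to `on` when absent; the three sample configuration files it builds are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report the effective email_err_data setting in a squid.conf
# and say whether the CVE-2025-62168 workaround (email_err_data off) is in place.
# Assumptions (not stated on the page): the last uncommented occurrence of the
# directive wins, and the directive defaults to "on" when it is absent.

# Print the effective value ("on" or "off") for the squid.conf given as $1.
effective_email_err_data() {
  val=$(grep -Ei '^[[:space:]]*email_err_data[[:space:]]+(on|off)([[:space:]]|$)' "$1" 2>/dev/null \
        | tail -n 1 | awk '{print tolower($2)}')
  if [ -n "$val" ]; then printf '%s\n' "$val"; else printf 'on\n'; fi
}

# Exit 0 when the workaround is applied to the file given as $1, 1 otherwise.
workaround_applied() {
  [ "$(effective_email_err_data "$1")" = "off" ]
}

# Constructed sample configurations (not real deployments).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/default.conf" <<'EOF'
# constructed: directive absent, so the default (on) applies
http_port 3128
cache_mgr webmaster
EOF
cat > "$SAMPLE_DIR/hardened.conf" <<'EOF'
# constructed: an earlier "on" is overridden by a later "off"
http_port 3128
email_err_data on
   email_err_data OFF
EOF
cat > "$SAMPLE_DIR/commented.conf" <<'EOF'
# constructed: the only "off" is commented out, so it does not count
http_port 3128
# email_err_data off
EOF

for f in default hardened commented; do
  if workaround_applied "$SAMPLE_DIR/$f.conf"; then
    echo "$f.conf: email_err_data off (workaround applied)"
  else
    echo "$f.conf: email_err_data $(effective_email_err_data "$SAMPLE_DIR/$f.conf") (upgrade to 7.2 or later, or set it off)"
  fi
done
```

Run it as `sh check_email_err_data.sh`; to audit a real file, call `workaround_applied /etc/squid/squid.conf` in place of the sample loop. The check treats a commented-out `email_err_data off` as absent, which is the common mistake when applying a workaround by hand.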