{"id":"CURL-CVE-2025-0167","summary":"netrc and default credential leak","details":"When asked to use a `.netrc` file for credentials **and** to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has a `default` entry that\nomits both login and password. A rare circumstance.","aliases":["CVE-2025-0167"],"modified":"2025-11-05T13:56:14Z","published":"2025-02-05T08:00:00Z","database_specific":{"award":{"currency":"USD","amount":"505"},"package":"curl","issue":"https://hackerone.com/reports/2917232","CWE":{"id":"CWE-200","desc":"Exposure of Sensitive Information to an Unauthorized Actor"},"affects":"both","last_affected":"8.11.1","URL":"https://curl.se/docs/CVE-2025-0167.json","severity":"Low","www":"https://curl.se/docs/CVE-2025-0167.html"},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.76.0"},{"fixed":"8.12.0"}]},{"type":"GIT","repo":"https://github.com/curl/curl.git","events":[{"introduced":"46620b97431e19c53ce82e55055c85830f088cf4"},{"fixed":"0e120c5b925e8ca75d5319e319e5ce4b8080d8eb"}]}],"versions":["8.11.1","8.11.0","8.10.1","8.10.0","8.9.1","8.9.0","8.8.0","8.7.1","8.7.0","8.6.0","8.5.0","8.4.0","8.3.0","8.2.1","8.2.0","8.1.2","8.1.1","8.1.0","8.0.1","8.0.0","7.88.1","7.88.0","7.87.0","7.86.0","7.85.0","7.84.0","7.83.1","7.83.0","7.82.0","7.81.0","7.80.0","7.79.1","7.79.0","7.78.0","7.77.0","7.76.1","7.76.0"],"database_specific":{"vanir_signatures":[{"id":"CURL-CVE-2025-0167-15d6fd1f","deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/0e120c5b925e8ca75d5319e319e5ce4b8080d8eb","digest":{"threshold":0.9,"line_hashes":["20458848727035232539463676160844715969","90706272737080507433274527716916664546","16917327258350909374225622337481945083","95294599251604326993271975417061449667","69955327080921055285093850767477732234","68948961411026234800199585682669406206","191585321479983056735666444989778000369"]},"signature_type":"Line","target":{"file":"lib/netrc.c"}},{"id":"CURL-CVE-2025-0167-9ba894d6","deprecated":false,"signature_version":"v1","source":"https://github.com/curl/curl.git/commit/0e120c5b925e8ca75d5319e319e5ce4b8080d8eb","digest":{"function_hash":"7801934723948004267281319048702801809","length":3446},"signature_type":"Function","target":{"function":"parsenetrc","file":"lib/netrc.c"}}],"source":"https://curl.se/docs/CURL-CVE-2025-0167.json"}}],"schema_version":"1.7.3","credits":[{"name":"Yihang Zhou","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}