vulnerability
Amazon Linux 2023: CVE-2025-62168: Important priority package update for squid
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Oct 17, 2025 | Oct 28, 2025 | Oct 28, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Oct 17, 2025
Added
Oct 28, 2025
Modified
Oct 28, 2025
Description
A Information Disclosure vulnerability has been identified in the Squid web caching proxy, affecting versions prior to 7.2. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol (HTTP) authentication credentials from an error response. A remote client can exploit this by triggering an error condition, which allows a malicious script to bypass browser security and disclose the username and password a trusted client uses for access. This directly compromises the security of internal application credentials and security tokens, especially when Squid is configured for backend load balancing.
Solutions
amazon-linux-2023-upgrade-squidamazon-linux-2023-upgrade-squid-debuginfoamazon-linux-2023-upgrade-squid-debugsource
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.