vulnerability
Oracle Linux: CVE-2025-62168: ELSA-2025-19107: squid:4 security update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Oct 17, 2025 | Oct 29, 2025 | Oct 29, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Oct 17, 2025
Added
Oct 29, 2025
Modified
Oct 29, 2025
Description
A Information Disclosure vulnerability has been identified in the Squid web caching proxy, affecting versions prior to 7.2. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol (HTTP) authentication credentials from an error response. A remote client can exploit this by triggering an error condition, which allows a malicious script to bypass browser security and disclose the username and password a trusted client uses for access. This directly compromises the security of internal application credentials and security tokens, especially when Squid is configured for backend load balancing.
Solutions
oracle-linux-upgrade-libecaporacle-linux-upgrade-libecap-develoracle-linux-upgrade-squid
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.