vulnerability

Red Hat: CVE-2025-62168: squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:C/I:N/A:N)	Oct 17, 2025	Oct 29, 2025	Nov 14, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

Oct 17, 2025

Added

Oct 29, 2025

Modified

Nov 14, 2025

Description

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol (HTTP) authentication credentials from an error response. A remote client can exploit this by triggering an error condition, which allows a malicious script to bypass browser security and disclose the username and password a trusted client uses for access. This directly compromises the security of internal application credentials and security tokens, especially when Squid is configured for backend load balancing.

Solutions

redhat-upgrade-libecapredhat-upgrade-libecap-debuginforedhat-upgrade-libecap-debugsourceredhat-upgrade-libecap-develredhat-upgrade-squidredhat-upgrade-squid-debuginforedhat-upgrade-squid-debugsource

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today