vulnerability
Ubuntu: USN-7845-1 (CVE-2025-62168): Squid vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:C/A:N) | Oct 21, 2025 | Oct 29, 2025 | Oct 30, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published
Oct 21, 2025
Added
Oct 29, 2025
Modified
Oct 30, 2025
Description
Leonardo Giovannini discovered that Squid failed to redact HTTP
Authentication credentials in a default configuration. An attacker could
possibly use this issue to obtain sensitive information.
Solutions
ubuntu-pro-upgrade-squidubuntu-pro-upgrade-squid3
References
- CVE-2025-62168
- https://attackerkb.com/topics/CVE-2025-62168
- CWE-209
- CWE-550
- UBUNTU-USN-7845-1
- URL-https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f
- URL-https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr
- URL-https://ubuntu.com/security/notices/USN-7845-1
- URL-https://www.cve.org/CVERecord?id=CVE-2025-62168
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.