vulnerability
Ubuntu: USN-7845-1 (CVE-2025-62168): Squid vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:C/A:N) | Oct 21, 2025 | Oct 29, 2025 | Mar 27, 2026 |
Description
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.
Solutions
References
- CVE-2025-62168
- https://attackerkb.com/topics/CVE-2025-62168
- CWE-209
- CWE-550
- EUVD-EUVD-2025-34894
- UBUNTU-USN-7845-1
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-34894
- https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f
- https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr
- https://ubuntu.com/security/notices/USN-7845-1
- https://www.cve.org/CVERecord?id=CVE-2025-62168
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.