CVE-2025-0167 - Vulnerability Details

- netrc and default credential leak

Description

When asked to use a `.netrc` file for credentials **and** to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has a `default` entry that
omits both login and password. A rare circumstance.

Published: 2025-02-05

Score: 3.4 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

curl

unaffected

Version	Status	Constraints
`8.11.1`	affected	≤ 8.11.1
`8.11.0`	affected	≤ 8.11.0
`8.10.1`	affected	≤ 8.10.1
`8.10.0`	affected	≤ 8.10.0
`8.9.1`	affected	≤ 8.9.1
`8.9.0`	affected	≤ 8.9.0
`8.8.0`	affected	≤ 8.8.0
`8.7.1`	affected	≤ 8.7.1
`8.7.0`	affected	≤ 8.7.0
`8.6.0`	affected	≤ 8.6.0
`8.5.0`	affected	≤ 8.5.0
`8.4.0`	affected	≤ 8.4.0
`8.3.0`	affected	≤ 8.3.0
`8.2.1`	affected	≤ 8.2.1
`8.2.0`	affected	≤ 8.2.0
`8.1.2`	affected	≤ 8.1.2
`8.1.1`	affected	≤ 8.1.1
`8.1.0`	affected	≤ 8.1.0
`8.0.1`	affected	≤ 8.0.1
`8.0.0`	affected	≤ 8.0.0
`7.88.1`	affected	≤ 7.88.1
`7.88.0`	affected	≤ 7.88.0
`7.87.0`	affected	≤ 7.87.0
`7.86.0`	affected	≤ 7.86.0
`7.85.0`	affected	≤ 7.85.0
`7.84.0`	affected	≤ 7.84.0
`7.83.1`	affected	≤ 7.83.1
`7.83.0`	affected	≤ 7.83.0
`7.82.0`	affected	≤ 7.82.0
`7.81.0`	affected	≤ 7.81.0
`7.80.0`	affected	≤ 7.80.0
`7.79.1`	affected	≤ 7.79.1
`7.79.0`	affected	≤ 7.79.0
`7.78.0`	affected	≤ 7.78.0
`7.77.0`	affected	≤ 7.77.0
`7.76.1`	affected	≤ 7.76.1
`7.76.0`	affected	≤ 7.76.0

Configuration 1 [-]

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:netapp:element_software:-:::::::*
	cpe:2.3:a:netapp:ontap:9:::::::*
	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
	cpe:2.3:a:netapp:ontap_tools:9:::::vmware_vsphere::
	cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*
	cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Curl	Curl	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-1518	When asked to use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.
Ubuntu USN	USN-8084-1	curl vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00331.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://curl.se/docs/CVE-2025-0167.html
https://curl.se/docs/CVE-2025-0167.json
https://hackerone.com/reports/2917232
https://security.netapp.com/advisory/ntap-20250306-0008/

History

Wed, 30 Jul 2025 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Haxx Haxx curl Netapp Netapp bootstrap Os Netapp element Software Netapp h300s Netapp h300s Firmware Netapp h410c Netapp h410c Firmware Netapp h410s Netapp h410s Firmware Netapp h500s Netapp h500s Firmware Netapp h610c Netapp h610c Firmware Netapp h610s Netapp h610s Firmware Netapp h615c Netapp h615c Firmware Netapp h700s Netapp h700s Firmware Netapp hci Compute Node Netapp ontap Netapp ontap Select Deploy Administration Utility Netapp ontap Tools Netapp solidfire \& Hci Management Node Netapp solidfire \& Hci Storage Node
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:haxx:curl:::::::: cpe:2.3:a:netapp:element_software:-:::::::* cpe:2.3:a:netapp:ontap:9:::::::* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::* cpe:2.3:a:netapp:ontap_tools:9:::::vmware_vsphere:: cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::* cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:h:netapp:h410c:-:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:h:netapp:h610c:-:::::::* cpe:2.3:h:netapp:h610s:-:::::::* cpe:2.3:h:netapp:h615c:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::* cpe:2.3:h:netapp:hci_compute_node:-:::::::* cpe:2.3:o:netapp:bootstrap_os:-:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:o:netapp:h410c_firmware:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:o:netapp:h610c_firmware:-:::::::* cpe:2.3:o:netapp:h610s_firmware:-:::::::* cpe:2.3:o:netapp:h615c_firmware:-:::::::* cpe:2.3:o:netapp:h700s_firmware:-:::::::*
Vendors & Products		Haxx Haxx curl Netapp Netapp bootstrap Os Netapp element Software Netapp h300s Netapp h300s Firmware Netapp h410c Netapp h410c Firmware Netapp h410s Netapp h410s Firmware Netapp h500s Netapp h500s Firmware Netapp h610c Netapp h610c Firmware Netapp h610s Netapp h610s Firmware Netapp h615c Netapp h615c Firmware Netapp h700s Netapp h700s Firmware Netapp hci Compute Node Netapp ontap Netapp ontap Select Deploy Administration Utility Netapp ontap Tools Netapp solidfire \& Hci Management Node Netapp solidfire \& Hci Storage Node

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00055}`	epss `{'score': 0.0007}`

Fri, 07 Mar 2025 01:30:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20250306-0008/

Thu, 06 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 3.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 05 Feb 2025 09:30:00 +0000

Type	Values Removed	Values Added
Description		When asked to use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.
Title		netrc and default credential leak
References		https://curl.se/docs/CVE-2025-0167.html https://curl.se/docs/CVE-2025-0167.json https://hackerone.com/reports/2917232

Subscriptions

Curl Curl

Haxx Curl

Netapp Bootstrap Os Element Software H300s H300s Firmware H410c H410c Firmware H410s H410s Firmware H500s H500s Firmware H610c H610c Firmware H610s H610s Firmware H615c H615c Firmware H700s H700s Firmware Hci Compute Node Ontap Ontap Select Deploy Administration Utility Ontap Tools Solidfire \& Hci Management Node Solidfire \& Hci Storage Node

MITRE

Status: PUBLISHED

Assigner: curl

Published: 2025-02-05T09:15:06.891Z

Updated: 2025-03-07T00:10:48.290Z

Reserved: 2024-12-31T23:07:29.650Z

Link: CVE-2025-0167

Vulnrichment

Updated: 2025-03-07T00:10:48.290Z

NVD

Status : Analyzed

Published: 2025-02-05T10:15:22.710

Modified: 2025-07-30T19:41:45.080

Link: CVE-2025-0167

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-21T15:17:50Z

Weaknesses

NVD-CWE-noinfo

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object