The vulnerability afflicts cURL, the popular command‑line tool and library for handling network requests. When cURL is set up to use distinct proxy servers for different URL schemes, a redirection that moves from a URL accessed through an authenticated proxy to a URL using an unauthenticated proxy can inadvertently leak the credentials of the original authenticated proxy. The description cites improper credential management (CWE‑522), but the CNA lists the weakness as CWE‑201; either way the result is the exposure of proxy usernames and passwords. An attacker who can observe or influence the traffic generated by a configured curl instance could capture these credentials and use them to gain unauthorized network access or to learn sensitive configuration details.

This flaw impacts all cURL installations—the command‑line tool and the libcurl library—regardless of platform, because no specific version numbers were supplied by the CNA. Given the absence of a version range, any release that still follows the legacy proxy handling model is potentially affected, until the issue is fixed in a newer version.

With a CVSS score of 5.3 the flaw is moderate in severity. There is no EPSS score provided and the vulnerability is not listed in the CISA KEV catalog, indicating that broad exploitation is unlikely at present. The attack requires a curl configuration that uses separate proxies for different URL schemes and a subsequent redirect that changes the proxy context. The attacker must either monitor traffic to the curl instance or actively influence the redirect to capture the leaked credentials—a relatively constrained ad‑hoc scenario.