Security Advisory

CVE-2025-0167

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-02-05 09:15:06

Last updated 2025-03-07 00:10:48

Assigner curl

State PUBLISHED

Description

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.

← Browse all CVEs View on cve.org ↗