CVE-2025-62168

17.10.2025, 17:15

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
GitHub_M	CNA	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Vendor	Product	Version
squid-cache	squid	𝑥 < 7.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

squid

bullseye	vulnerable
bullseye (security)	4.13-10+deb11u6 fixed
bookworm	vulnerable
bookworm (security)	5.7-2+deb12u4 fixed
trixie (security)	6.13-2+deb13u1 fixed
trixie	6.13-2+deb13u1 fixed
forky	7.2-2 fixed
sid	7.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

squid3

questing	dne
plucky	dne
noble	dne
jammy	dne
bionic	Fixed 3.5.27-1ubuntu1.14+esm4 released
xenial	Fixed 3.5.12-1ubuntu7.16+esm5 released

squid

questing	Fixed 6.13-1ubuntu4.1 released
plucky	Fixed 6.13-1ubuntu1.2 released
noble	Fixed 6.13-0ubuntu0.24.04.3 released
jammy	Fixed 5.9-0ubuntu0.22.04.4 released
focal	Fixed 4.10-1ubuntu1.13+esm1 released

Common Weakness Enumeration

CWE-209 - Generation of Error Message Containing Sensitive Information
The software generates an error message that includes sensitive information about its environment, users, or associated data.

Vulnerability Media Exposure

[GERMAN] Squid: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen und Offenlegung von Informationen
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Squid ausnutzen, um Sicherheitsvorkehrungen zu umgehen, und um Informationen offenzulegen.
Published: 2025-10-16T22:00:00+00:00

References

https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f

https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr

http://www.openwall.com/lists/oss-security/2025/11/05/6