This vulnerability allows for sensitive credential leaks under specific configurations when using Haxx Curl, posing a potential risk to organizations.
The vulnerability has been assigned a CVSS score of 3.4, indicating it is of low severity. However, it can still lead to unauthorized access if not addressed. The flaw occurs when the curl command is configured to utilize a `.netrc` file for credentials and to follow HTTP redirects under certain conditions.
Risk to organizations includes potential credential exposure if the `.netrc` file has a `default` entry that omits both login and password, a rare but possible configuration.
Organizations should prioritize patching immediately.
The vulnerability was published on February 5, 2025, and it is crucial for organizations using affected products to assess their exposure and implement necessary mitigations.
Vulnerability Details
The CVE-2025-0167 vulnerability specifically affects Haxx Curl and related NetApp products such as Element Software and ONTAP. The flaw manifests when the curl command is instructed to use a `.netrc` file and follow HTTP redirects.
The official description states: 'When asked to use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.'
This vulnerability is classified under CVSS version 3.1 with a score of 3.4, indicating a low severity level. The attack vector is network-based, with high complexity and no privileges required. User interaction is required for exploitation.
Technical Analysis
The root cause of this vulnerability stems from the handling of the `.netrc` file by the curl command. If a user configures curl to follow redirects but does not provide login credentials in the `.netrc` file, curl may inadvertently pass the initial password to the redirected host.
The attack vector is network-based, meaning an attacker must be able to intercept the HTTP requests made by curl. Given that user interaction is required, the exploitation capacity is somewhat limited but still poses a risk.
Risk & Impact Analysis
Real-world deployment risk is limited by the configuration requirements, as the vulnerability only occurs under specific settings. However, if misconfigured, attackers may leverage this vulnerability to gain unauthorized access to sensitive credentials.
This matters to organizations because the exposure of credentials can lead to further attacks or data breaches, especially if credentials are reused across multiple services.
Organizations should schedule remediation, given the potential for exposure, albeit low.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
Affected versions include Haxx Curl versions from 7.76.0 up to, but not including, 8.12.0, as well as various NetApp products. If specific version information is unavailable, organizations should assume that all versions prior to the vendor patch are affected.
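To assess exposure on a host, the two conditions described above can be checked together: the curl version range and a `.netrc` `default` entry that omits both login and password. The following is an added example, not vendor or curl project code; the function names, the simplified `.netrc` tokenizer and the sample file contents are assumptions made for illustration.

```python
import re

AFFECTED_MIN = (7, 76, 0)  # inclusive lower bound stated on this page
FIXED_IN = (8, 12, 0)      # exclusive upper bound stated on this page

def version_affected(version_text):
    """True if the first x.y.z in e.g. `curl --version` output is in range."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError("no x.y.z version found")
    return AFFECTED_MIN <= tuple(map(int, m.groups())) < FIXED_IN

def netrc_tokens(text):
    """Simplified tokenizer: skips '#' comment lines and macdef bodies."""
    tokens, in_macro = [], False
    for line in text.splitlines():
        if in_macro:
            in_macro = bool(line.strip())  # a blank line ends the macro
            continue
        if line.lstrip().startswith("#"):
            continue
        parts = line.split()
        if "macdef" in parts:
            parts, in_macro = parts[:parts.index("macdef")], True
        tokens.extend(parts)
    return tokens

def bare_default_entry(netrc_text):
    """True if a `default` entry carries neither login nor password."""
    toks, i, entries = netrc_tokens(netrc_text), 0, []
    while i < len(toks):
        if toks[i] == "default":
            entries.append(("default", set()))
            i += 1
        elif toks[i] == "machine":
            entries.append(("machine", set()))
            i += 2  # skip the host name, even if it is literally "default"
        elif toks[i] in ("login", "password", "account"):
            if entries:
                entries[-1][1].add(toks[i])
            i += 2  # skip the value
        else:
            i += 1
    return any(kind == "default" and not keys & {"login", "password"}
               for kind, keys in entries)

# Constructed sample: one normal host entry followed by a bare default entry.
SAMPLE_NETRC = "machine a.example login alice password s3cret\ndefault\n"

def exposed(version_text, netrc_text):
    return version_affected(version_text) and bare_default_entry(netrc_text)
```

Feed `version_affected` the first line of `curl --version` and `bare_default_entry` the contents of each `.netrc` file used by automation accounts; a host is of interest only when both return true.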
Mitigation & Remediation
Organizations should validate remediation through penetration testing to ensure no similar vulnerabilities exist. Additionally, applying patches and updates from vendors is essential.
Detection Guidance
To detect potential exploitation attempts, organizations should monitor logs for unexpected credential usage patterns and HTTP redirect behaviors. Behavioral anomalies may indicate attempts to exploit this vulnerability.
AppSecure Threat Intelligence Insight
This vulnerability highlights the importance of secure credential management. Security teams should implement best practices for handling credentials, particularly in scenarios involving automated tools like curl.
Organizations should consider reviewing their credential storage methods to mitigate similar issues in the future. For more comprehensive security, adopting a proactive approach with penetration testing methodologies can help identify and address potential vulnerabilities before they are exploited.
Additionally, keeping up with vendor advisories ensures that organizations are aware of potential risks and can respond effectively.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
