AI description
CVE-2025-62168 is an information disclosure vulnerability affecting Squid, a widely used caching proxy. Specifically, versions of Squid prior to 7.2 fail to redact HTTP authentication credentials during error handling. This flaw can allow a script to bypass browser security protections and potentially learn the credentials a trusted client uses to authenticate. This vulnerability could allow a remote client to identify security tokens or credentials used internally by a web application that uses Squid for backend load balancing. Exploitation of this vulnerability does not require HTTP authentication to be configured. The vulnerability is fixed in version 7.2. A workaround is to disable debug information in administrator mailto links generated by Squid by configuring `squid.conf` with `email_err_data off`.
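The version boundary and the `email_err_data off` workaround described above can be checked together. The following is an added example, not code from the Squid project or the advisory; the function names and sample config are constructed, and it assumes the last `email_err_data` line wins, that an absent directive means Squid's documented default (`on`), and that included config files are not followed.

```shell
# Added example: triage a Squid host for CVE-2025-62168 (fixed in 7.2).

# Classify a version string such as "6.10": affected, fixed, or unknown.
version_state() {
    case "$1" in
        *.*) major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*} ;;
        *)   major=$1; minor=0 ;;
    esac
    # Reject empty or non-numeric components instead of guessing.
    case "$major.$minor" in .*|*.|*[!0-9.]*) echo unknown; return 0 ;; esac
    if [ "$major" -lt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -lt 2 ]; }; then
        echo affected
    else
        echo fixed
    fi
}

# Print the effective email_err_data value for a squid.conf file.
effective_email_err_data() {
    awk '
        { sub(/#.*/, "") }                          # ignore comments
        $1 == "email_err_data" && NF >= 2 { v = tolower($2) }
        END { print (v == "" ? "on" : v) }          # assumed default: on
    ' "$1"
}

# usage: audit_squid <version> <path-to-squid.conf>
audit_squid() {
    state=$(version_state "$1")
    if [ "$state" != affected ]; then echo "$state"; return 0; fi
    if [ "$(effective_email_err_data "$2")" = off ]; then
        echo "affected, workaround applied"
    else
        echo "affected, email_err_data is on"
    fi
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
http_port 3128
# email_err_data off
email_err_data on
email_err_data off   # workaround from the advisory
EOF
audit_squid 6.10 "$sample"
```

On a real host the version argument would come from the output of `squid -v`. A result of "workaround applied" still leaves the host on an affected version, so the upgrade to 7.2 remains the fix.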
- Description: Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring `squid.conf` with `email_err_data off`.
- Source: security-advisories@github.com
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 10
- Impact score: 5.8
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
- Severity: CRITICAL
- security-advisories@github.com
- CWE-209
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
36
Whoa, Squid Proxy is "squidding" badly! CVE-2025-62168 (CVSS 10.0) leaks HTTP credentials & security tokens via error handling. Versions <7.2 are haunted! 61M+ services are vulnerable, so hurry up and update via https://t.co/HSegtmHR2E. Don't let this squid steal your data! #Squ
@BJORKANISM_REAL
21 Oct 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ A critical vulnerability has been discovered in the Squid software (CVE-2025-62168) that allows obtaining sensitive information and accessing internal resources. All versions up to 7.1 are affected. CVSS score 10.0! We urge you to update Squid to 7.2 or later. More: http
@certlv
20 Oct 2025
1712 Impressions
12 Retweets
16 Likes
2 Bookmarks
0 Replies
0 Quotes
Critical Squid Proxy Flaw (CVE-2025-62168, CVSS 10.0) Leaks HTTP Credentials and Security Tokens via Error Handling https://t.co/Lyby4cl8vn
@Karma_X_Inc
20 Oct 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-62168 (CVSS 10.0): Info Disclosure in Squid Squid ≤7.1 leaks HTTP creds & tokens via error-handling; fixed in 7.2. 🎯47m+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/XoQlyXVuz1 FOFA Query: app="squid"
@fofabot
20 Oct 2025
2326 Impressions
11 Retweets
34 Likes
13 Bookmarks
0 Replies
0 Quotes
squid CVE-2025-62168 Severity :10/10 🧐🧐🧐🧐 https://t.co/h8JTPZ2wpw
@h4x0r_dz
20 Oct 2025
3090 Impressions
7 Retweets
48 Likes
26 Bookmarks
0 Replies
0 Quotes
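A vulnerability with a CVSS score of 10 in Squid. CVE-2025-62168 is one in which HTTP authentication credentials are not removed during error handling, and as a result browser security mechanisms may be bypassed. When the administrator's mailto link is specified with email_err_data,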
@__kokumoto
20 Oct 2025
1414 Impressions
7 Retweets
10 Likes
3 Bookmarks
0 Replies
0 Quotes
Critical Squid Proxy Flaw (CVE-2025-62168, CVSS 10.0) Leaks HTTP Credentials and Security Tokens via Error Handling https://t.co/90mwL2oAv7
@CrowdCyber_Com
20 Oct 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-62168 (CVSS: 10): Squid vuln exposes HTTP auth credentials in error handling! Attackers can bypass browser security and steal sensitive tokens/credentials. Search by vul.cve Filter👉vul.cve="CVE-2025-62168" ZoomEye Dork👉app="Squid" Over 44.2M vulnerable in
@zoomeye_team
20 Oct 2025
9023 Impressions
43 Retweets
138 Likes
56 Bookmarks
2 Replies
2 Quotes
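Serious vulnerability in Squid, with a risk of credential leakage. A flaw has been discovered in Squid, the web caching proxy used by companies and ISPs around the world, in which HTTP authentication credentials are mistakenly included in error pages. Attackers exploit this and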
@yousukezan
20 Oct 2025
15757 Impressions
70 Retweets
167 Likes
95 Bookmarks
0 Replies
3 Quotes
A Critical (CVSS 10.0) flaw in Squid proxy (CVE-2025-62168) leaks HTTP authentication credentials and security tokens through error messages. #SquidProxy #CVE #InfoLeak #CyberSecurity https://t.co/YDQtDFGxv3
@the_yellow_fall
20 Oct 2025
122 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨CRITICAL: CVE-2025-62168 in Squid (<7.2) exposes HTTP creds in error messages! Remote attackers can steal internal tokens—patch now or disable debug info. 🔓 https://t.co/MnXWbUXyAn #OffSeq #CVE202562168 #InfoSec https://t.co/b8dVolxKCv
@offseq
18 Oct 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-62168 Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclos… https://t.co/GL1lz66gIX
@CVEnew
17 Oct 2025
187 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
**CVE-2025-62168** pertains to a critical security flaw in Squid, a widely used caching proxy server for the web. Specifically, in Squid versions prior to 7.2, there exists a failure to properly redact HTTP authentication credentials in error handling routines. This flaw enables
@CveTodo
17 Oct 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-62168: CRITICAL] Vulnerability in Squid versions prior to 7.2 exposes HTTP authentication credentials, but fixed in version 7.2. Secure by disabling debug info in admin mailto links.#cve,CVE-2025-62168,#cybersecurity https://t.co/wW5KVPPhn9 https://t.co/MPT8jbVq9X
@CveFindCom
17 Oct 2025
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes