CVE-2025-0167
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/02/2025
Last modified:
30/07/2025
Description
When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.
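
A defender-side check for the two conditions stated above, as an added example (not code from curl or from this advisory): whether a curl version is in the affected range from the table on this page, and whether a netrc file contains a `default` entry with neither login nor password. The function names and sample files are constructed for illustration, and the tokenizer is a simplified whitespace split that does not handle quoted values.

```python
import re

AFFECTED_FROM = (7, 76, 0)  # inclusive, per the table on this page
FIXED_IN = (8, 12, 0)       # exclusive, per the table on this page

# Constructed sample files (hosts and credentials are made up).
RISKY = "machine a.example login alice password s3cret\ndefault\n"
SAFE = ("machine a.example login alice password s3cret\n"
        "default login anonymous password guest\n")


def curl_version_affected(version):
    """True if a curl version string falls in the affected range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return AFFECTED_FROM <= tuple(map(int, m.groups())) < FIXED_IN


def netrc_tokens(text):
    """Yield whitespace-separated tokens, skipping comments and macdef bodies."""
    in_macro = False
    for line in text.splitlines():
        if in_macro:
            in_macro = bool(line.strip())  # a blank line ends the macro
            continue
        if line.lstrip().startswith("#"):
            continue
        words = line.split()
        if "macdef" in words:
            in_macro = True
            words = words[:words.index("macdef")]
        yield from words


def default_without_credentials(text):
    """True if a `default` entry sets neither login nor password."""
    entries, tokens = [], netrc_tokens(text)
    for tok in tokens:
        if tok == "machine":
            entries.append({"default": False})
            next(tokens, None)  # consume the host name
        elif tok == "default":
            entries.append({"default": True})
        elif tok in ("login", "password", "account") and entries:
            entries[-1][tok] = next(tokens, None)
    return any(e["default"] and "login" not in e and "password" not in e
               for e in entries)
```

A host is only exposed when both checks are true and curl is also told to follow redirects; upgrading curl or giving the `default` entry explicit credentials removes the condition.
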
Impact
Base Score 3.x
3.40
Severity 3.x
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* | 7.76.0 (including) | 8.12.0 (excluding) |
| cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* | | |
| cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:* | | |
| cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* | | |
| cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:* | | |
| cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* | | |
| cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* | | |



