Vulnerability Description
When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Haxx | Curl | >= 7.76.0, < 8.12.0 |
| Netapp | Element Software | - |
| Netapp | Ontap | 9 |
| Netapp | Ontap Select Deploy Administration Utility | - |
| Netapp | Ontap Tools | 9 |
| Netapp | Solidfire \& Hci Management Node | - |
| Netapp | Solidfire \& Hci Storage Node | - |
| Netapp | Bootstrap Os | - |
| Netapp | Hci Compute Node | - |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H410C Firmware | - |
| Netapp | H410C | - |
| Netapp | H410S Firmware | - |
| Netapp | H410S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H610C Firmware | - |
| Netapp | H610C | - |
| Netapp | H610S Firmware | - |
References
- https://curl.se/docs/CVE-2025-0167.htmlVendor Advisory
- https://curl.se/docs/CVE-2025-0167.jsonVendor Advisory
- https://hackerone.com/reports/2917232ExploitIssue TrackingThird Party Advisory
- https://security.netapp.com/advisory/ntap-20250306-0008/Third Party Advisory
- https://curl.se/docs/CVE-2025-0167.htmlVendor Advisory
FAQ
What is CVE-2025-0167?
CVE-2025-0167 is a vulnerability with a CVSS score of 3.4 (LOW). When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw...
How severe is CVE-2025-0167?
CVE-2025-0167 has been rated LOW with a CVSS base score of 3.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-0167?
Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl, Netapp Element Software, Netapp Ontap, Netapp Ontap Select Deploy Administration Utility, Netapp Ontap Tools.