CVE-2025-0167

ADVISORY - ubuntu

Summary

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare circumstance.

EPSS Score⁠: 0.00062 (0.199)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo⁠

Impacted images

Advisories

Ubuntu

CREATED

3 months ago

UPDATED

10 days ago

ADVISORY IDCVE-2025-0167⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
ubuntu/curl	deb	ubuntu	22.04	>=0	Not yet available
ubuntu/curl	deb	ubuntu	24.10	>=0	Not yet available
ubuntu/curl	deb	ubuntu	24.04	>=0	Not yet available
ubuntu/curl	deb	ubuntu	25.04	>=0	Not yet available

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

3 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2025-0167⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-noinfo⁠

CVSS SCORE

3.4low

Alpine

CREATED

3 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2025-0167⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

3 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2025-0167⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Chainguard

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY ID

CGA-gr5c-pjrp-3fmw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Photon

CREATED

3 months ago

UPDATED

1 month ago

ADVISORY ID

CVE-2025-0167

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium