AZL-68562

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68562.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-68562

Upstream

CVE-2025-62168

Published

2025-10-17T17:15:49Z

Modified

2026-04-01T05:21:26.992468Z

Summary

CVE-2025-62168 affecting package squid for versions less than 6.13-3

Details

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with emailerrdata off.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-62168

Affected packages

Azure Linux:3 / squid

Package

Name: squid
Purl: pkg:rpm/azure-linux/squid

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.13-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68562.json"