CVE-2025-0167 — Alpine Security Tracker

CVE-2025-0167

Name

CVE-2025-0167

Description

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
2499f714-1537-4658-8207-48ae4bb9eae9	https://curl.se/docs/CVE-2025-0167.html
2499f714-1537-4658-8207-48ae4bb9eae9	https://curl.se/docs/CVE-2025-0167.json
2499f714-1537-4658-8207-48ae4bb9eae9	https://hackerone.com/reports/2917232
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20250306-0008/

Type

URI

2499f714-1537-4658-8207-48ae4bb9eae9

https://curl.se/docs/CVE-2025-0167.html

2499f714-1537-4658-8207-48ae4bb9eae9

https://curl.se/docs/CVE-2025-0167.json

2499f714-1537-4658-8207-48ae4bb9eae9

https://hackerone.com/reports/2917232

af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20250306-0008/

Match rules

CPE URI	Source package	Min version	Max version
	curl	>= 0	<= 8.11.1
	curl	>= 0	<= 8.11.0
	curl	>= 0	<= 8.10.1
	curl	>= 0	<= 8.10.0
	curl	>= 0	<= 8.9.1
	curl	>= 0	<= 8.9.0
	curl	>= 0	<= 8.8.0
	curl	>= 0	<= 8.7.1
	curl	>= 0	<= 8.7.0
	curl	>= 0	<= 8.6.0
	curl	>= 0	<= 8.5.0
	curl	>= 0	<= 8.4.0
	curl	>= 0	<= 8.3.0
	curl	>= 0	<= 8.2.1
	curl	>= 0	<= 8.2.0
	curl	>= 0	<= 8.1.2
	curl	>= 0	<= 8.1.1
	curl	>= 0	<= 8.1.0
	curl	>= 0	<= 8.0.1
	curl	>= 0	<= 8.0.0
	curl	>= 0	<= 7.88.1
	curl	>= 0	<= 7.88.0
	curl	>= 0	<= 7.87.0
	curl	>= 0	<= 7.86.0
	curl	>= 0	<= 7.85.0
	curl	>= 0	<= 7.84.0
	curl	>= 0	<= 7.83.1
	curl	>= 0	<= 7.83.0
	curl	>= 0	<= 7.82.0
	curl	>= 0	<= 7.81.0
	curl	>= 0	<= 7.80.0
	curl	>= 0	<= 7.79.1
	curl	>= 0	<= 7.79.0
	curl	>= 0	<= 7.78.0
	curl	>= 0	<= 7.77.0
	curl	>= 0	<= 7.76.1
	curl	>= 0	<= 7.76.0
`cpe:2.3:a:haxx:curl::::::::`	curl	>= 7.76.0	< 8.12.0

CPE URI

Source package

Min version

Max version

curl

>= 0

<= 8.11.1

curl

>= 0

<= 8.11.0

curl

>= 0

<= 8.10.1

curl

>= 0

<= 8.10.0

curl

>= 0

<= 8.9.1

curl

>= 0

<= 8.9.0

curl

>= 0

<= 8.8.0

curl

>= 0

<= 8.7.1

curl

>= 0

<= 8.7.0

curl

>= 0

<= 8.6.0

curl

>= 0

<= 8.5.0

curl

>= 0

<= 8.4.0

curl

>= 0

<= 8.3.0

curl

>= 0

<= 8.2.1

curl

>= 0

<= 8.2.0

curl

>= 0

<= 8.1.2

curl

>= 0

<= 8.1.1

curl

>= 0

<= 8.1.0

curl

>= 0

<= 8.0.1

curl

>= 0

<= 8.0.0

curl

>= 0

<= 7.88.1

curl

>= 0

<= 7.88.0

curl

>= 0

<= 7.87.0

curl

>= 0

<= 7.86.0

curl

>= 0

<= 7.85.0

curl

>= 0

<= 7.84.0

curl

>= 0

<= 7.83.1

curl

>= 0

<= 7.83.0

curl

>= 0

<= 7.82.0

curl

>= 0

<= 7.81.0

curl

>= 0

<= 7.80.0

curl

>= 0

<= 7.79.1

curl

>= 0

<= 7.79.0

curl

>= 0

<= 7.78.0

curl

>= 0

<= 7.77.0

curl

>= 0

<= 7.76.1

curl

>= 0

<= 7.76.0

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

curl

>= 7.76.0

< 8.12.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
curl	edge-main	8.12.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
curl	edge-main	8.11.1-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.11.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.11.0-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.11.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.10.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.9.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.9.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.7.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.6.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.5.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.4.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.3.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.1.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	8.0.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.88.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.87.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.86.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.85.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.84.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.83.1-r0	None	possibly vulnerable
curl	edge-main	7.83.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.79.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.78.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.77.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	edge-main	7.76.0-r0	None	possibly vulnerable
curl	edge-main	7.74.0-r0	None	possibly vulnerable
curl	edge-main	7.72.0-r0	None	possibly vulnerable
curl	edge-main	7.71.0-r0	None	possibly vulnerable
curl	edge-main	7.66.0-r0	None	possibly vulnerable
curl	edge-main	7.65.0-r0	None	possibly vulnerable
curl	edge-main	7.64.0-r0	None	possibly vulnerable
curl	edge-main	7.62.0-r0	None	possibly vulnerable
curl	edge-main	7.61.1-r0	None	possibly vulnerable
curl	edge-main	7.61.0-r0	None	possibly vulnerable
curl	edge-main	7.60.0-r0	None	possibly vulnerable
curl	edge-main	7.59.0-r0	None	possibly vulnerable
curl	edge-main	7.57.0-r0	None	possibly vulnerable
curl	edge-main	7.56.1-r0	None	possibly vulnerable
curl	edge-main	7.55.0-r0	None	possibly vulnerable
curl	edge-main	7.54.0-r0	None	possibly vulnerable
curl	edge-main	7.53.1-r2	None	possibly vulnerable
curl	edge-main	7.53.0-r0	None	possibly vulnerable
curl	edge-main	7.52.1-r0	None	possibly vulnerable
curl	edge-main	7.51.0-r0	None	possibly vulnerable
curl	edge-main	7.50.3-r0	None	possibly vulnerable
curl	edge-main	7.50.2-r0	None	possibly vulnerable
curl	edge-main	7.50.1-r0	None	possibly vulnerable
curl	edge-main	7.36.0-r0	None	possibly vulnerable
curl	3.22-main	8.12.0-r0	None	fixed
curl	3.22-main	8.11.1-r0	None	possibly vulnerable
curl	3.22-main	8.11.0-r0	None	possibly vulnerable
curl	3.22-main	8.10.0-r0	None	possibly vulnerable
curl	3.22-main	8.9.1-r0	None	possibly vulnerable
curl	3.22-main	8.9.0-r0	None	possibly vulnerable
curl	3.22-main	8.7.1-r0	None	possibly vulnerable
curl	3.22-main	8.6.0-r0	None	possibly vulnerable
curl	3.22-main	8.5.0-r0	None	possibly vulnerable
curl	3.22-main	8.4.0-r0	None	possibly vulnerable
curl	3.22-main	8.3.0-r0	None	possibly vulnerable
curl	3.22-main	8.1.0-r0	None	possibly vulnerable
curl	3.22-main	8.0.0-r0	None	possibly vulnerable
curl	3.22-main	7.88.0-r0	None	possibly vulnerable
curl	3.22-main	7.87.0-r0	None	possibly vulnerable
curl	3.22-main	7.86.0-r0	None	possibly vulnerable
curl	3.22-main	7.85.0-r0	None	possibly vulnerable
curl	3.22-main	7.84.0-r0	None	possibly vulnerable
curl	3.22-main	7.83.1-r0	None	possibly vulnerable
curl	3.22-main	7.83.0-r0	None	possibly vulnerable
curl	3.22-main	7.79.0-r0	None	possibly vulnerable
curl	3.22-main	7.78.0-r0	None	possibly vulnerable
curl	3.22-main	7.77.0-r0	None	possibly vulnerable
curl	3.22-main	7.76.0-r0	None	possibly vulnerable
curl	3.22-main	7.74.0-r0	None	possibly vulnerable
curl	3.22-main	7.72.0-r0	None	possibly vulnerable
curl	3.22-main	7.71.0-r0	None	possibly vulnerable
curl	3.22-main	7.66.0-r0	None	possibly vulnerable
curl	3.22-main	7.65.0-r0	None	possibly vulnerable
curl	3.22-main	7.64.0-r0	None	possibly vulnerable
curl	3.22-main	7.62.0-r0	None	possibly vulnerable
curl	3.22-main	7.61.1-r0	None	possibly vulnerable
curl	3.22-main	7.61.0-r0	None	possibly vulnerable
curl	3.22-main	7.60.0-r0	None	possibly vulnerable
curl	3.22-main	7.59.0-r0	None	possibly vulnerable
curl	3.22-main	7.57.0-r0	None	possibly vulnerable
curl	3.22-main	7.56.1-r0	None	possibly vulnerable
curl	3.22-main	7.55.0-r0	None	possibly vulnerable
curl	3.22-main	7.54.0-r0	None	possibly vulnerable
curl	3.22-main	7.53.1-r2	None	possibly vulnerable
curl	3.22-main	7.53.0-r0	None	possibly vulnerable
curl	3.22-main	7.52.1-r0	None	possibly vulnerable
curl	3.22-main	7.51.0-r0	None	possibly vulnerable
curl	3.22-main	7.50.3-r0	None	possibly vulnerable
curl	3.22-main	7.50.2-r0	None	possibly vulnerable
curl	3.22-main	7.50.1-r0	None	possibly vulnerable
curl	3.22-main	7.36.0-r0	None	possibly vulnerable
curl	3.21-main	8.12.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
curl	3.21-main	8.11.1-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.21-main	8.11.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.21-main	8.11.0-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.21-main	8.11.0-r0	None	possibly vulnerable
curl	3.21-main	8.10.0-r0	None	possibly vulnerable
curl	3.21-main	8.9.1-r0	None	possibly vulnerable
curl	3.21-main	8.9.0-r0	None	possibly vulnerable
curl	3.21-main	8.7.1-r0	None	possibly vulnerable
curl	3.21-main	8.6.0-r0	None	possibly vulnerable
curl	3.21-main	8.5.0-r0	None	possibly vulnerable
curl	3.21-main	8.4.0-r0	None	possibly vulnerable
curl	3.21-main	8.3.0-r0	None	possibly vulnerable
curl	3.21-main	8.1.0-r0	None	possibly vulnerable
curl	3.21-main	8.0.0-r0	None	possibly vulnerable
curl	3.21-main	7.88.0-r0	None	possibly vulnerable
curl	3.21-main	7.87.0-r0	None	possibly vulnerable
curl	3.21-main	7.86.0-r0	None	possibly vulnerable
curl	3.21-main	7.85.0-r0	None	possibly vulnerable
curl	3.21-main	7.84.0-r0	None	possibly vulnerable
curl	3.21-main	7.83.1-r0	None	possibly vulnerable
curl	3.21-main	7.83.0-r0	None	possibly vulnerable
curl	3.21-main	7.79.0-r0	None	possibly vulnerable
curl	3.21-main	7.78.0-r0	None	possibly vulnerable
curl	3.21-main	7.77.0-r0	None	possibly vulnerable
curl	3.21-main	7.76.0-r0	None	possibly vulnerable
curl	3.21-main	7.74.0-r0	None	possibly vulnerable
curl	3.21-main	7.72.0-r0	None	possibly vulnerable
curl	3.21-main	7.71.0-r0	None	possibly vulnerable
curl	3.21-main	7.66.0-r0	None	possibly vulnerable
curl	3.21-main	7.65.0-r0	None	possibly vulnerable
curl	3.21-main	7.64.0-r0	None	possibly vulnerable
curl	3.21-main	7.62.0-r0	None	possibly vulnerable
curl	3.21-main	7.61.1-r0	None	possibly vulnerable
curl	3.21-main	7.61.0-r0	None	possibly vulnerable
curl	3.21-main	7.60.0-r0	None	possibly vulnerable
curl	3.21-main	7.59.0-r0	None	possibly vulnerable
curl	3.21-main	7.57.0-r0	None	possibly vulnerable
curl	3.21-main	7.56.1-r0	None	possibly vulnerable
curl	3.21-main	7.55.0-r0	None	possibly vulnerable
curl	3.21-main	7.54.0-r0	None	possibly vulnerable
curl	3.21-main	7.53.1-r2	None	possibly vulnerable
curl	3.21-main	7.53.0-r0	None	possibly vulnerable
curl	3.21-main	7.52.1-r0	None	possibly vulnerable
curl	3.21-main	7.51.0-r0	None	possibly vulnerable
curl	3.21-main	7.50.3-r0	None	possibly vulnerable
curl	3.21-main	7.50.2-r0	None	possibly vulnerable
curl	3.21-main	7.50.1-r0	None	possibly vulnerable
curl	3.21-main	7.36.0-r0	None	possibly vulnerable
curl	3.20-main	8.12.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
curl	3.20-main	8.11.1-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.20-main	8.11.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.20-main	8.11.0-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.20-main	8.11.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.20-main	8.10.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.20-main	8.9.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.20-main	8.9.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.20-main	8.7.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.20-main	8.6.0-r0	None	possibly vulnerable
curl	3.20-main	8.5.0-r0	None	possibly vulnerable
curl	3.20-main	8.4.0-r0	None	possibly vulnerable
curl	3.20-main	8.3.0-r0	None	possibly vulnerable
curl	3.20-main	8.1.0-r0	None	possibly vulnerable
curl	3.20-main	8.0.0-r0	None	possibly vulnerable
curl	3.20-main	7.88.0-r0	None	possibly vulnerable
curl	3.20-main	7.87.0-r0	None	possibly vulnerable
curl	3.20-main	7.86.0-r0	None	possibly vulnerable
curl	3.20-main	7.85.0-r0	None	possibly vulnerable
curl	3.20-main	7.84.0-r0	None	possibly vulnerable
curl	3.20-main	7.83.1-r0	None	possibly vulnerable
curl	3.20-main	7.83.0-r0	None	possibly vulnerable
curl	3.20-main	7.79.0-r0	None	possibly vulnerable
curl	3.20-main	7.78.0-r0	None	possibly vulnerable
curl	3.20-main	7.77.0-r0	None	possibly vulnerable
curl	3.20-main	7.76.0-r0	None	possibly vulnerable
curl	3.20-main	7.74.0-r0	None	possibly vulnerable
curl	3.20-main	7.72.0-r0	None	possibly vulnerable
curl	3.20-main	7.71.0-r0	None	possibly vulnerable
curl	3.20-main	7.66.0-r0	None	possibly vulnerable
curl	3.20-main	7.65.0-r0	None	possibly vulnerable
curl	3.20-main	7.64.0-r0	None	possibly vulnerable
curl	3.20-main	7.62.0-r0	None	possibly vulnerable
curl	3.20-main	7.61.1-r0	None	possibly vulnerable
curl	3.20-main	7.61.0-r0	None	possibly vulnerable
curl	3.20-main	7.60.0-r0	None	possibly vulnerable
curl	3.20-main	7.59.0-r0	None	possibly vulnerable
curl	3.20-main	7.57.0-r0	None	possibly vulnerable
curl	3.20-main	7.56.1-r0	None	possibly vulnerable
curl	3.20-main	7.55.0-r0	None	possibly vulnerable
curl	3.20-main	7.54.0-r0	None	possibly vulnerable
curl	3.20-main	7.53.1-r2	None	possibly vulnerable
curl	3.20-main	7.53.0-r0	None	possibly vulnerable
curl	3.20-main	7.52.1-r0	None	possibly vulnerable
curl	3.20-main	7.51.0-r0	None	possibly vulnerable
curl	3.20-main	7.50.3-r0	None	possibly vulnerable
curl	3.20-main	7.50.2-r0	None	possibly vulnerable
curl	3.20-main	7.50.1-r0	None	possibly vulnerable
curl	3.20-main	7.36.0-r0	None	possibly vulnerable
curl	3.19-main	8.12.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
curl	3.19-main	8.11.1-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.19-main	8.11.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.19-main	8.11.0-r0	None	possibly vulnerable
curl	3.19-main	8.10.0-r0	None	possibly vulnerable
curl	3.19-main	8.9.1-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.19-main	8.9.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.19-main	8.9.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.19-main	8.7.1-r0	None	possibly vulnerable
curl	3.19-main	8.6.0-r0	None	possibly vulnerable
curl	3.19-main	8.5.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
curl	3.19-main	8.4.0-r0	None	possibly vulnerable
curl	3.19-main	8.3.0-r0	None	possibly vulnerable
curl	3.19-main	8.1.0-r0	None	possibly vulnerable
curl	3.19-main	8.0.0-r0	None	possibly vulnerable
curl	3.19-main	7.88.0-r0	None	possibly vulnerable
curl	3.19-main	7.87.0-r0	None	possibly vulnerable
curl	3.19-main	7.86.0-r0	None	possibly vulnerable
curl	3.19-main	7.85.0-r0	None	possibly vulnerable
curl	3.19-main	7.84.0-r0	None	possibly vulnerable
curl	3.19-main	7.83.1-r0	None	possibly vulnerable
curl	3.19-main	7.83.0-r0	None	possibly vulnerable
curl	3.19-main	7.79.0-r0	None	possibly vulnerable
curl	3.19-main	7.78.0-r0	None	possibly vulnerable
curl	3.19-main	7.77.0-r0	None	possibly vulnerable
curl	3.19-main	7.76.0-r0	None	possibly vulnerable
curl	3.19-main	7.74.0-r0	None	possibly vulnerable
curl	3.19-main	7.72.0-r0	None	possibly vulnerable
curl	3.19-main	7.71.0-r0	None	possibly vulnerable
curl	3.19-main	7.66.0-r0	None	possibly vulnerable
curl	3.19-main	7.65.0-r0	None	possibly vulnerable
curl	3.19-main	7.64.0-r0	None	possibly vulnerable
curl	3.19-main	7.62.0-r0	None	possibly vulnerable
curl	3.19-main	7.61.1-r0	None	possibly vulnerable
curl	3.19-main	7.61.0-r0	None	possibly vulnerable
curl	3.19-main	7.60.0-r0	None	possibly vulnerable
curl	3.19-main	7.59.0-r0	None	possibly vulnerable
curl	3.19-main	7.57.0-r0	None	possibly vulnerable
curl	3.19-main	7.56.1-r0	None	possibly vulnerable
curl	3.19-main	7.55.0-r0	None	possibly vulnerable
curl	3.19-main	7.54.0-r0	None	possibly vulnerable
curl	3.19-main	7.53.1-r2	None	possibly vulnerable
curl	3.19-main	7.53.0-r0	None	possibly vulnerable
curl	3.19-main	7.52.1-r0	None	possibly vulnerable
curl	3.19-main	7.51.0-r0	None	possibly vulnerable
curl	3.19-main	7.50.3-r0	None	possibly vulnerable
curl	3.19-main	7.50.2-r0	None	possibly vulnerable
curl	3.19-main	7.50.1-r0	None	possibly vulnerable
curl	3.19-main	7.36.0-r0	None	possibly vulnerable
curl	3.18-main	8.12.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status