CVE-2025-62168

10.0 CRITICAL

📋 TL;DR

Squid caching proxy versions before 7.2 do not properly redact HTTP authentication credentials in error messages, allowing information disclosure. This vulnerability enables scripts to bypass browser security protections and learn credentials used by trusted clients, potentially exposing security tokens or internal authentication data. Any organization running a vulnerable Squid version for web application load balancing or proxy services is affected.

💻 Affected Systems

Products:
  • Squid caching proxy
Versions: All versions prior to 7.2
Operating Systems: All operating systems running Squid
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Squid configurations, even those not using HTTP authentication. Particularly impacts deployments using Squid for backend load balancing.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal authentication credentials or security tokens, gaining unauthorized access to backend systems, internal applications, or sensitive data.

🟠 Likely Case

Credential leakage leading to unauthorized access to web applications or services behind the Squid proxy.

🟢 If Mitigated

Limited information disclosure with minimal impact if proper network segmentation and credential rotation are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires triggering error conditions in Squid to leak credentials through error messages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.2

Vendor Advisory: https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr

Restart Required: Yes

Instructions:

1. Download Squid 7.2 or later from squid-cache.org.
2. Stop the Squid service.
3. Install/upgrade to version 7.2+.
4. Restart the Squid service.

🔧 Temporary Workarounds

Disable debug information in error emails (Applies to: all)

Prevents credential leakage through administrator mailto links by disabling email error data.

Add 'email_err_data off' to squid.conf and restart Squid.

🧯 If You Can't Patch

  • Implement network segmentation to isolate Squid instances from sensitive backend systems
  • Rotate all authentication credentials and tokens used by applications behind Squid

🔍 How to Verify

Check if Vulnerable:

Check the Squid version with 'squid -v' or 'squid --version' and verify whether it is below 7.2.

Check Version:

squid -v

Verify Fix Applied:

Confirm the version is 7.2 or higher with 'squid -v' and check that squid.conf contains 'email_err_data off'.
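As an added check, not code from the advisory or the Squid project, this POSIX shell script implements the two verification steps above: it parses the version line of 'squid -v' against the 7.2 fix version and confirms that the active squid.conf carries the 'email_err_data off' workaround. The "Squid Cache: Version X.Y" line format and the sample inputs are assumptions constructed for the example.

```shell
#!/bin/sh
# Two checks from the "How to Verify" section: is the installed Squid below
# the 7.2 fix version, and is the 'email_err_data off' workaround active.
# Version parsing assumes the usual first line of 'squid -v':
#   Squid Cache: Version X.Y[.Z]

# Returns 0 if the version is below 7.2 (vulnerable), 1 if 7.2+, 2 if unparseable.
squid_version_vulnerable() {
  ver=$(printf '%s\n' "$1" | sed -n 's/^Squid Cache: Version \([0-9][0-9.]*\).*/\1/p' | head -n 1)
  [ -n "$ver" ] || return 2
  major=${ver%%.*}
  rest=${ver#*.}
  if [ "$rest" = "$ver" ]; then minor=0; else minor=${rest%%.*}; fi
  minor=${minor:-0}
  if [ "$major" -lt 7 ]; then return 0; fi
  if [ "$major" -eq 7 ] && [ "$minor" -lt 2 ]; then return 0; fi
  return 1
}

# Returns 0 if the last uncommented email_err_data directive in the config is
# 'off'. Squid's default is 'on', so a missing directive counts as not applied.
email_err_data_disabled() {
  awk 'BEGIN { state = 1 }
       /^[[:space:]]*#/ { next }
       $1 == "email_err_data" { state = (tolower($2) == "off") ? 0 : 1 }
       END { exit state }' "$1"
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_OLD='Squid Cache: Version 6.10
Service Name: squid'
SAMPLE_NEW='Squid Cache: Version 7.2
Service Name: squid'
CONF_DEFAULT=$(mktemp); CONF_HARDENED=$(mktemp)
trap 'rm -f "$CONF_DEFAULT" "$CONF_HARDENED"' EXIT
printf 'http_port 3128\n# email_err_data off\n' > "$CONF_DEFAULT"   # commented out: still on
printf 'http_port 3128\nemail_err_data on\nemail_err_data off\n' > "$CONF_HARDENED"

for v in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
  if squid_version_vulnerable "$v"; then echo "below 7.2: upgrade"; else echo "7.2 or later"; fi
done
for c in "$CONF_DEFAULT" "$CONF_HARDENED"; do
  if email_err_data_disabled "$c"; then echo "$c: workaround applied"; else echo "$c: email_err_data still on"; fi
done
# Against a live host: squid_version_vulnerable "$(squid -v)"; email_err_data_disabled /etc/squid/squid.conf
```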

📡 Detection & Monitoring

Log Indicators:

  • Unusual error messages containing authentication data
  • Multiple failed authentication attempts triggering error conditions

Network Indicators:

  • Unexpected HTTP error responses containing credential-like strings
  • Traffic patterns suggesting credential harvesting

SIEM Query:

source="squid" AND (message="*error*" OR message="*auth*") AND (message="*password*" OR message="*token*" OR message="*credential*")
