CVE•Published 2025-10-17•1 article on news•5 live references•NVD data

CVE-2025-62168

Vulnerability data via CVEDB (Shodan)

CVSS v3.1

10.0

CRITICAL

EPSS percentile

Exploit Prediction Scoring System · top 1% of all CVEs

Description

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.

Timeline

Published 2025-10-17

External references

NVD MITRE Exploit-DB Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag1,742,247 hosts

vuln:CVE-2025-62168

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · product + version

product:"Squid-cache Squid" version:"2.0"

Version-pinned fingerprint from NVD's first vulnerable CPE.

Shodan · banner/body mention

http.html:"Squid"

HTTP body or banner mentions "Squid" — catches deploys Shodan didn't identify as a product.

More intel sources (5)

Shodan report

vuln:CVE-2025-62168