CVE-2025-62168

CRITICAL NUCLEI

Squid < 7.2 - Information Disclosure via HTTP Authentication Credential Leak in Error Handling

Exploitation Summary

EIP tracks 4 public exploits for CVE-2025-62168. PoCs published by monzaviman, adminlove520, shahroodcert. A Nuclei detection template is also available.

Description

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.

Exploits (4)

github · SCANNER · 16 stars
by monzaviman · python · poc
https://github.com/monzaviman/CVE-2025-62168

The repository contains a scanner for detecting CVE-2025-62168, an information disclosure vulnerability in Squid Proxy. It checks for the presence of HTTP Authentication credentials in error responses and determines if the target Squid Proxy version is vulnerable.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Squid Proxy (versions < 7.2)
No auth needed
Prerequisites: Network access to the Squid Proxy server · Squid Proxy server running a vulnerable version (< 7.2)
devstral-2 · analyzed Feb 19, 2026

github · SCANNER · 2 stars
by adminlove520 · python · poc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-62168

The repository contains a Python script that scans for CVE-2025-62168, an information disclosure vulnerability in Squid Proxy due to improper redaction of HTTP Authentication credentials. The script checks the Squid version and attempts to detect the vulnerability by analyzing the error page response.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Squid Proxy (versions < 7.2)
No auth needed
Prerequisites: Squid Proxy server with version < 7.2 · Network access to the target Squid Proxy
devstral-2 · analyzed Feb 27, 2026

github · SCANNER · 1 star
by shahroodcert · python · poc
https://github.com/shahroodcert/CVE-2025-62168

The repository contains a scanner for detecting CVE-2025-62168, an information disclosure vulnerability in Squid Proxy. It checks for the presence of HTTP Authentication credentials in error responses and verifies if the Squid version is vulnerable.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Squid Proxy (versions < 7.2)
No auth needed
Prerequisites: Access to a Squid Proxy server · Network connectivity to the target
devstral-2 · analyzed Feb 19, 2026

nomisec · WORKING POC
by nehkark · poc
https://github.com/nehkark/CVE-2025-62168

This repository contains a functional PoC for CVE-2025-62168, an information disclosure vulnerability in Squid Proxy where sensitive HTTP headers (e.g., JWT tokens) are reflected in error pages via the mailto diagnostic block. The PoC demonstrates token leakage by forcing a Squid error and parsing the response.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Squid Proxy < 7.2
No auth needed
Prerequisites: Squid Proxy with email_err_data enabled · Network access to the proxy
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Squid Proxy - HTTP Authentication Credentials Disclosure
CRITICAL · VERIFIED · by xtr0nix

Scores

CVSS v3 10.0
EPSS 0.1881
EPSS Percentile 95.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE: CWE-550, CWE-209
Status published
Products (1)
squid-cache/squid < 7.2
Published Oct 17, 2025
Tracked Since Feb 18, 2026