Exploit for Server-generated Error Message Containing Sensitive Information in Squid-Cache Squid CVE-2025-62168

Name: Exploit for Server-generated Error Message Containing Sensitive Information in Squid-Cache Squid CVE-2025-62168
Rating: 5 (442 reviews)

2025-11-02 | CVSS 10.0

## https://sploitus.com/exploit?id=1EF07AD6-913E-5B7D-8151-C7D48D71782B
# CVE-2025-62168Squid Proxy Information Disclosure in Error handling

### Scanner (Detection & PoC)

![](https://github.com/monzaviman/CVE-2025-62168/blob/main/Banner.jpg)

"Due to a failure to redact HTTP Authentication credentials
Squid is vulnerable to an Information Disclosure attack.
Severity:

This problem allows a script to bypass Browser security
protections and learn the credentials a trusted client uses to
authenticate.

This problem potentially allows a remote client to identify
security tokens or credentials used internally by a web
application using Squid for backend load balancing.

These attacks do not require Squid to be configured with HTTP
Authentication."

#### How to Use
```
use virtual enviroment & active
pip install -r requirements.txt

python3 main.py
```
![](https://github.com/monzaviman/CVE-2025-62168/blob/main/PoC.png)