CVE-2025-0167

When asked to use a .netrc file for credentials and to follow HTTPredirects, curl could leak the password used for the first host to thefollowed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry thatomits both login and password. A rare circu...

CVE-2025-0725

When libcurl is asked to perform automatic gzip decompression ofcontent-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option,using zlib 1.2.0.3 or older , an attacker-controlled integer overflow wouldmake libcurl perform a buffer overflow.