CVE-2025-4945 is a vulnerability identified in the libsoup HTTP library, which is widely used in GNOME applications and other software stacks for HTTP communication. The issue arises from improper handling of the expiration date field in HTTP cookies during parsing. Specifically, the vulnerability is an integer overflow or wraparound triggered by specially crafted expiration date values. When the expiration date is processed, the arithmetic operations on the date integers do not properly validate input size, allowing an overflow that leads to undefined behavior. This flaw enables an attacker to bypass the cookie expiration logic, causing cookies to persist beyond their intended lifetime or behave unpredictably. Such behavior can undermine session management and security policies relying on cookie expiration. The vulnerability has a CVSS 3.1 base score of 3.7, indicating low severity, with attack vector being network-based, requiring no privileges or user interaction, but with high attack complexity. The impact is limited to integrity as confidentiality and availability are not affected. The vulnerability affects Red Hat Enterprise Linux 10 and potentially other Linux distributions or software using vulnerable versions of libsoup. No public exploits have been reported to date, but the flaw is recognized and published by Red Hat and CISA. The root cause is insufficient validation of large integer inputs during date arithmetic in the cookie parsing routines, highlighting the importance of robust input validation in security-critical components.

For European organizations, the primary impact of CVE-2025-4945 is the potential for attackers to bypass cookie expiration controls, which can lead to persistent session cookies or unintended cookie behavior. This may facilitate session fixation or prolonged unauthorized access if cookies are used for authentication or state management. Although the vulnerability does not directly expose sensitive data or cause denial of service, it undermines the integrity of session management mechanisms. Organizations relying on GNOME applications or services built on libsoup, particularly those running Red Hat Enterprise Linux 10, may face increased risk of session-related attacks. This can affect web applications, internal tools, or any software components that depend on cookie expiration for security. The low CVSS score reflects the limited scope and complexity of exploitation, but the risk remains relevant in environments where cookie security is critical. European enterprises in sectors such as finance, government, and critical infrastructure, where session integrity is paramount, should consider this vulnerability a potential vector for session manipulation attacks.

To mitigate CVE-2025-4945, organizations should prioritize updating libsoup to the latest patched version provided by Red Hat or their Linux distribution vendor as soon as it becomes available. In the interim, administrators should audit and monitor applications relying on libsoup for unusual cookie behavior or session persistence anomalies. Implementing additional application-layer controls to validate cookie expiration and session timeouts can reduce reliance on vulnerable parsing logic. Security teams should review cookie handling policies and consider employing HTTP security headers such as 'HttpOnly' and 'Secure' to limit cookie exposure. Network-level protections like web application firewalls (WAFs) can be tuned to detect and block suspicious cookie values or malformed HTTP headers. Regular vulnerability scanning and penetration testing focused on session management can help identify exploitation attempts. Finally, educating developers about secure cookie handling and input validation best practices will help prevent similar issues in future software.