CVE-2025-4945 identifies a vulnerability in the libsoup HTTP library's cookie parsing mechanism, specifically in how it processes the expiration date of cookies. Libsoup is widely used in GNOME applications and other software stacks for HTTP client functionality. The vulnerability arises from improper validation of large integer inputs during date arithmetic operations, leading to an integer overflow or wraparound. When a cookie's expiration date is set to a specially crafted large value, the integer overflow causes the expiration logic to malfunction, potentially allowing cookies to persist beyond their intended lifetime or behave unpredictably. This can undermine cookie-based session management or state control, possibly enabling attackers to maintain unauthorized sessions or bypass security controls relying on cookie expiration. The issue does not directly compromise confidentiality or availability but impacts the integrity of cookie handling. The vulnerability is remotely exploitable without authentication or user interaction, but the attack complexity is high due to the need for precise cookie crafting. The CVSS v3.1 score is 3.7 (low), reflecting limited impact and exploitation difficulty. The affected product is Red Hat Enterprise Linux 10, which bundles libsoup as part of its GNOME environment. No public exploits or active exploitation have been reported. The root cause is insufficient input validation and integer overflow handling in the date arithmetic code within libsoup's cookie parser. This vulnerability highlights the importance of robust input validation and secure arithmetic operations in security-critical libraries handling session and state data.

The primary impact of CVE-2025-4945 is on the integrity of cookie expiration handling, potentially allowing attackers to bypass expiration checks and cause cookies to persist longer than intended. This can lead to unauthorized session persistence or state manipulation, which might facilitate session fixation or replay attacks in applications relying on cookie expiration for security. However, the vulnerability does not affect confidentiality or availability directly. The low CVSS score and lack of known exploits indicate a limited immediate threat. Organizations using GNOME applications or other software dependent on libsoup may face risks related to session management and authentication bypass if this flaw is exploited. The impact is more pronounced in environments where cookie expiration is critical for security controls, such as web-based authentication or access control systems. Since exploitation requires no authentication or user interaction, remote attackers can attempt to exploit this flaw by delivering crafted cookies, but the complexity of crafting such cookies reduces the likelihood of widespread exploitation. Overall, the impact is moderate but should not be ignored, especially in sensitive or high-security environments.

To mitigate CVE-2025-4945, organizations should apply patches or updates from their Linux distribution vendors, particularly Red Hat, as soon as they become available to fix the integer overflow in libsoup's cookie parsing logic. Until patches are deployed, administrators can consider the following measures: 1) Implement strict input validation and filtering at the application or web server level to detect and block suspicious cookie values with unusually large expiration dates. 2) Monitor HTTP traffic for anomalous cookies that may indicate exploitation attempts. 3) Employ web application firewalls (WAFs) configured to detect and block malformed cookie headers. 4) Review and harden session management policies to reduce reliance solely on cookie expiration for session invalidation, such as implementing server-side session timeouts or token revocation mechanisms. 5) Educate developers and security teams about the risks of integer overflows in date handling and encourage secure coding practices. 6) Conduct security testing focused on cookie handling and expiration logic to identify similar weaknesses. These targeted mitigations help reduce the risk of exploitation while awaiting official patches.