CVE-2025-4945: Integer Overflow or Wraparound
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
AI Analysis
Technical Summary
CVE-2025-4945 is a vulnerability identified in the cookie parsing logic of the libsoup HTTP library, which is widely used in GNOME applications and other software environments, including Red Hat Enterprise Linux 10. The flaw arises specifically during the processing of cookie expiration dates. When a cookie contains a specially crafted expiration date value, it can trigger an integer overflow or wraparound due to improper validation of large integer inputs during date arithmetic operations. This integer overflow leads to undefined behavior in the cookie handling routines, allowing an attacker to bypass the intended cookie expiration logic. Consequently, cookies that should have expired may persist longer than intended or behave unpredictably. This can undermine security mechanisms that rely on cookie expiration, such as session management and authentication controls. The vulnerability does not directly compromise confidentiality or availability but impacts the integrity of cookie management, potentially enabling persistent unauthorized access or session fixation attacks. The CVSS 3.1 base score is 3.7 (low severity), reflecting that exploitation requires network access with high attack complexity, no privileges, and no user interaction, and the impact is limited to integrity without affecting confidentiality or availability. No known exploits are currently reported in the wild, and no patches have been linked yet. The issue is rooted in the libsoup library's failure to properly validate and handle large integer values during cookie expiration date calculations, which is a fundamental flaw in input validation and arithmetic safety within the HTTP cookie parsing logic.
Potential Impact
For European organizations, this vulnerability could undermine security controls that depend on cookie expiration, such as web session management and authentication mechanisms. Attackers exploiting this flaw could cause cookies to persist beyond their intended lifespan, potentially enabling session fixation or unauthorized prolonged access to web applications. This is particularly concerning for organizations handling sensitive user data or financial transactions through GNOME-based applications or other software relying on libsoup. While the direct impact on confidentiality and availability is minimal, the integrity compromise can facilitate further attacks or unauthorized access. European organizations using Red Hat Enterprise Linux 10 or GNOME environments in critical infrastructure, government, finance, or healthcare sectors may face increased risk if attackers leverage this flaw to maintain persistent sessions or bypass security controls. The low CVSS score suggests limited immediate risk, but the potential for chaining this vulnerability with others to escalate attacks should not be overlooked.
Mitigation Recommendations
Organizations should prioritize updating the libsoup library and any dependent GNOME applications as soon as patches become available from Red Hat or upstream maintainers. In the interim, administrators should monitor network traffic for anomalous cookie expiration values and implement web application firewall (WAF) rules to detect and block suspicious cookie headers with unusually large expiration dates. Application developers should review cookie handling code to ensure robust input validation and safe arithmetic operations on date values. Additionally, enforcing strict session management policies, such as frequent session renewal and invalidation, can reduce the window of opportunity for exploitation. Security teams should also conduct regular audits of cookie usage and expiration behaviors in their environments to detect inconsistencies. Finally, educating users and administrators about the risks of persistent cookies and encouraging the use of secure cookie attributes (HttpOnly, Secure, SameSite) can help mitigate exploitation vectors.
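As an added example (not libsoup's code and not part of the advisory), here is one way to do the overflow-safe arithmetic on cookie lifetimes recommended above. It assumes the lifetime arrives as a decimal seconds delta such as a Max-Age value; the function names and the 400-day cap are illustrative choices.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed policy cap (not from libsoup): no cookie lives longer than 400 days. */
#define MAX_COOKIE_LIFETIME_SECS (400LL * 24 * 60 * 60)

/* Parse a decimal seconds delta without overflow.
 * Returns false on empty input, trailing junk, or a value outside long long. */
static bool parse_delta_seconds(const char *s, int64_t *out)
{
    char *end = NULL;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE)
        return false;
    *out = (int64_t)v;
    return true;
}

/* Compute the absolute expiry time for a cookie received at `now`
 * (seconds since the epoch). Returns false when the attribute must be
 * ignored; the addition is range-checked first, so it never wraps. */
bool cookie_expiry_from_delta(const char *value, int64_t now, int64_t *expires)
{
    int64_t delta;
    if (!parse_delta_seconds(value, &delta))
        return false;
    if (delta <= 0) {                 /* zero or negative: expire immediately */
        *expires = 0;
        return true;
    }
    if (delta > MAX_COOKIE_LIFETIME_SECS)
        delta = MAX_COOKIE_LIFETIME_SECS;   /* clamp before doing arithmetic */
    if (now > INT64_MAX - delta)      /* checked add: would now + delta wrap? */
        return false;
    *expires = now + delta;
    return true;
}
```

The same pattern (reject unparseable or out-of-range input, clamp to a policy maximum, then check the addition before performing it) applies to any numeric field that feeds date arithmetic.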
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: redhat
- Date Reserved: 2025-05-19T04:46:20.918Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0f71484d88663aeb0d4
Added to database: 5/20/2025, 6:59:03 PM
Last enriched: 7/31/2025, 12:37:35 AM
Last updated: 8/12/2025, 12:28:47 PM