CVE-2025-4969: Out-of-bounds Read
A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read).
AI Analysis
Technical Summary
The vulnerability CVE-2025-4969 in libsoup results from failure to correctly verify the termination of multipart HTTP messages. This allows a remote attacker to send specially crafted multipart HTTP bodies that trigger out-of-bounds reads on the server consuming libsoup. The CVSS 3.1 base score is 6.5, indicating medium severity with network attack vector, low complexity, no privileges required, no user interaction, unchanged scope, limited confidentiality impact, and low availability impact. The affected product is Red Hat Enterprise Linux 10. The vendor advisory is available but does not explicitly state patch or mitigation details.
Potential Impact
Successful exploitation can cause the vulnerable server to read memory beyond its allocated boundaries, potentially leading to information disclosure or application instability. The impact is limited to confidentiality and availability with no integrity impact. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2025-4969 for current remediation guidance. Until a patch is confirmed, consider restricting exposure of services using libsoup to untrusted networks to reduce risk.
CVE-2025-4969: Out-of-bounds Read
Description
A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2025-4969 in libsoup results from failure to correctly verify the termination of multipart HTTP messages. This allows a remote attacker to send specially crafted multipart HTTP bodies that trigger out-of-bounds reads on the server consuming libsoup. The CVSS 3.1 base score is 6.5, indicating medium severity with network attack vector, low complexity, no privileges required, no user interaction, unchanged scope, limited confidentiality impact, and low availability impact. The affected product is Red Hat Enterprise Linux 10. The vendor advisory is available but does not explicitly state patch or mitigation details.
Potential Impact
Successful exploitation can cause the vulnerable server to read memory beyond its allocated boundaries, potentially leading to information disclosure or application instability. The impact is limited to confidentiality and availability with no integrity impact. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2025-4969 for current remediation guidance. Until a patch is confirmed, consider restricting exposure of services using libsoup to untrusted networks to reduce risk.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- redhat
- Date Reserved
- 2025-05-19T21:14:09.795Z
- Cisa Enriched
- false
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2025-4969","vendor":"Red Hat"}]
Threat ID: 682d38bc4d7c5ea9f4b3fabd
Added to database: 5/21/2025, 2:21:48 AM
Last enriched: 5/7/2026, 1:49:49 AM
Last updated: 5/8/2026, 9:55:24 PM
Views: 113
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.