The libsoup library used in GNOME for HTTP client and server functionality contains multiple security flaws, including integer overflow (CVE-2025-32050), heap buffer overflows (CVE-2025-32052, CVE-2025-32053), out-of-bounds reads (CVE-2025-32906), denial of service via overlapping Range headers (CVE-2025-32907), double free (CVE-2025-32911), null pointer dereference (CVE-2025-32913), information disclosure through improper Authorization header forwarding (CVE-2025-46421), and memory leak (CVE-2025-46420). These vulnerabilities could lead to crashes, memory corruption, denial of service, or information leakage. Red Hat has issued an important security advisory (RHSA-2025:7436) with fixes for these issues targeting Red Hat Enterprise Linux 9 and its variants.

The vulnerabilities in libsoup can result in memory corruption (integer overflow, heap buffer overflows, double free), denial of service (via large overlapping Range header requests), null pointer dereference crashes, information disclosure (sending Authorization headers to unintended hosts), and memory leaks. These issues can affect the stability and security of applications relying on libsoup for HTTP communications, potentially allowing attackers to disrupt services or gain unauthorized information. No known exploits in the wild have been reported at this time.

Red Hat has released an official security update addressing all identified vulnerabilities in libsoup for Red Hat Enterprise Linux 9 and its variants. Users should apply the update as described in the Red Hat advisory RHSA-2025:7436 to remediate these issues. For detailed update instructions, refer to https://access.redhat.com/articles/11258. No additional mitigations are indicated beyond applying the official patch.