Red Hat Security Advisory: libsoup security update
Multiple security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, affecting Red Hat Enterprise Linux 8.6 variants. These include out-of-bounds reads, double free, NULL pointer dereference, information disclosure via improper Authorization header handling on redirects, and memory leaks. Red Hat has issued an important security advisory with updates addressing these issues. The vulnerabilities have been assigned CVE identifiers CVE-2025-32906, CVE-2025-32911, CVE-2025-32913, CVE-2025-46420, and CVE-2025-46421. The advisory provides updated packages to remediate these flaws.
AI Analysis
Technical Summary
The libsoup library for GNOME, used as an HTTP client and server library, contains multiple security vulnerabilities: an out-of-bounds read in soup_headers_parse_request() (CVE-2025-32906), a double free in soup_message_headers_get_content_disposition() via a GHashTable value (CVE-2025-32911), a NULL pointer dereference in soup_message_headers_get_content_disposition() when a filename parameter is present but empty (CVE-2025-32913), information disclosure because the libsoup client keeps sending the Authorization header to a different host after a redirect (CVE-2025-46421), and a memory leak in soup_header_parse_quality_list() (CVE-2025-46420). Red Hat has released updated libsoup packages for Red Hat Enterprise Linux 8.6 variants to address these issues, as detailed in advisory RHSA-2025:4624.
Potential Impact
The identified vulnerabilities include memory-safety defects (out-of-bounds reads, a double free and a NULL pointer dereference) that may crash applications linked against libsoup or, in the case of the double free, potentially enable further exploitation. The information disclosure vulnerability causes the Authorization header to be sent to an unintended host during an HTTP redirect, risking credential leakage to whoever controls the redirect target. The memory leak may degrade application performance over time. Together these issues pose a high security risk to systems using affected libsoup versions.
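The redirect rule that CVE-2025-46421 describes libsoup violating, written as a standalone policy check (an added example, not code from the advisory or from libsoup): credential-bearing headers are carried over only when the redirect target is the same origin as the original request. Function names, the `example.test` hosts and the header values are constructed for illustration.

```python
# Added example, not part of the advisory or of libsoup: decide which headers
# may follow an HTTP redirect. A client that forwards Authorization to a
# different origin leaks the credential to that origin (the CVE-2025-46421 class).
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# The advisory names Authorization; it is the only credential header dropped here.
CREDENTIAL_HEADERS = {"authorization"}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in,
    so https://h/ and https://h:443/ compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def same_origin(original_url, redirect_url):
    """True only if scheme, host and port all match; an https->http
    downgrade on the same host counts as a different origin."""
    return origin(original_url) == origin(redirect_url)


def headers_for_redirect(original_url, location, headers):
    """Build the header set for the redirected request.

    `location` is the raw Location header value (absolute or relative);
    it is resolved against the original URL before the origin check.
    Credential headers are removed when the target is another origin.
    """
    target = urljoin(original_url, location)
    if same_origin(original_url, target):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in CREDENTIAL_HEADERS}


if __name__ == "__main__":
    # Constructed sample: an authenticated request redirected off-site.
    sent = {"Authorization": "Bearer PLACEHOLDER-TOKEN", "Accept": "*/*"}
    print(headers_for_redirect("https://api.example.test/v1", "https://cdn.other.test/x", sent))
```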
Mitigation Recommendations
Red Hat has released updated libsoup packages that fix these vulnerabilities. Users of Red Hat Enterprise Linux 8.6 variants should apply the security update RHSA-2025:4624 promptly to remediate these issues. Detailed update instructions are available at https://access.redhat.com/articles/11258. No additional mitigations are specified beyond applying the official patches.
Technical Details
- GCVE source: db.gcve.eu
- CSAF category: csaf_security_advisory
- CSAF version: 2.0
- Publisher: Red Hat Product Security
- Advisory ID: RHSA-2025:4624
- CVE count: 5
- Additional CVEs: CVE-2025-32911, CVE-2025-32913, CVE-2025-46420, CVE-2025-46421
- CVSS version: null
Threat ID: 6a4049ea27e9c797198364b1
Added to database: 06/27/2026, 22:08:42 UTC
Last enriched: 06/27/2026, 22:40:13 UTC
Last updated: 06/27/2026, 23:11:12 UTC