The libsoup library used in GNOME for HTTP client and server functionality contains multiple security flaws: an integer overflow in append_param_quoted (CVE-2025-32050), heap buffer overflows in sniff_unknown (CVE-2025-32052) and sniff_feed_or_html and skip_insignificant_space (CVE-2025-32053), out of bounds reads in soup_headers_parse_request (CVE-2025-32906), double free in soup_message_headers_get_content_disposition (CVE-2025-32911), NULL pointer dereference in soup_message_headers_get_content_disposition when a filename parameter is present but empty (CVE-2025-32913), information disclosure due to sending Authorization headers to different hosts on redirects (CVE-2025-46421), and a memory leak in soup_header_parse_quality_list (CVE-2025-46420). These vulnerabilities have been addressed in updated libsoup packages for Red Hat Enterprise Linux 8.8 Extended Update Support. The Red Hat advisory RHSA-2025:4568 provides details and instructions for applying the update.

These vulnerabilities could lead to memory corruption issues such as buffer overflows, double frees, and NULL pointer dereferences, which may cause application crashes or potentially allow code execution. The information disclosure vulnerability could cause sensitive Authorization headers to be sent to unintended hosts during HTTP redirects. The memory leak could degrade application performance over time. Red Hat rates the overall security impact as Important (high severity).

Red Hat has released updated libsoup packages for Red Hat Enterprise Linux 8.8 Extended Update Support that address these vulnerabilities. Users should apply the security update as described in Red Hat advisory RHSA-2025:4568 and the referenced article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated beyond applying the official update.