Red Hat Security Advisory: libsoup security update
Multiple vulnerabilities have been identified in libsoup, the HTTP client and server library for GNOME, including out-of-bounds reads, a double free, a NULL pointer dereference, information disclosure, and memory leaks. These issues affect Red Hat Enterprise Linux 8.4 variants, and Red Hat rates the update as having an important security impact. The vulnerabilities could lead to crashes, memory corruption, or unintended information disclosure. Red Hat has released security updates addressing these issues.
AI Analysis
Technical Summary
The libsoup library, used in GNOME for HTTP client and server functionality, contains multiple vulnerabilities: CVE-2025-32906 involves out-of-bounds reads in soup_headers_parse_request(); CVE-2025-32911 is a double free in soup_message_headers_get_content_disposition() via GHashTable params; CVE-2025-32913 is a NULL pointer dereference in soup_message_headers_get_content_disposition() when a filename parameter is present but empty; CVE-2025-46421 causes information disclosure by sending Authorization headers to unintended hosts during redirects; CVE-2025-46420 is a memory leak in soup_header_parse_quality_list(). Red Hat has released updated libsoup packages for Red Hat Enterprise Linux 8.4 variants to address these vulnerabilities, as detailed in advisory RHSA-2025:4609.
Potential Impact
Successful exploitation of these vulnerabilities could lead to application crashes (due to out-of-bounds reads, double free, or NULL pointer dereference), potential information disclosure (sending Authorization headers to unintended hosts), and resource exhaustion (memory leaks). These issues affect the security and stability of applications relying on libsoup for HTTP communications on affected Red Hat Enterprise Linux 8.4 systems.
Mitigation Recommendations
Red Hat has released updated libsoup packages that address all listed vulnerabilities. Users of Red Hat Enterprise Linux 8.4 variants should apply the security update described in advisory RHSA-2025:4609 promptly. For detailed update instructions, refer to https://access.redhat.com/articles/11258. No additional mitigations are indicated in the advisory.
Technical Details
- GCVE Source: db.gcve.eu
- CSAF Category: csaf_security_advisory
- CSAF Version: 2.0
- Publisher: Red Hat Product Security
- Advisory ID: RHSA-2025:4609
- CVE Count: 5
- Additional CVEs: CVE-2025-32911, CVE-2025-32913, CVE-2025-46420, CVE-2025-46421
- CVSS Version: null
Threat ID: 6a4049ea27e9c797198364c6
Added to database: 06/27/2026, 22:08:42 UTC
Last enriched: 06/27/2026, 22:40:34 UTC
Last updated: 06/27/2026, 22:51:10 UTC