Red Hat Security Advisory: libsoup3 security update
A security vulnerability (CVE-2025-11021) has been identified in libsoup3, an HTTP library used in Red Hat Enterprise Linux 10. The issue is an out-of-bounds read in the cookie date handling functionality of the libsoup HTTP library. Red Hat has issued an important security update to address this vulnerability in multiple Red Hat Enterprise Linux 10 variants and related products. The update fixes the out-of-bounds read flaw to prevent potential security issues related to improper memory access.
AI Analysis
Technical Summary
The vulnerability CVE-2025-11021 in libsoup3 is an out-of-bounds read in the cookie date handling code of the libsoup HTTP library, which is implemented in C and used in GNOME applications for asynchronous HTTP access. This flaw could lead to reading memory outside the intended buffer boundaries. Red Hat has released security updates for Red Hat Enterprise Linux 10 and its extended update support versions across multiple architectures (x86_64, s390x, ppc64le, aarch64) to remediate this issue. The advisory classifies the impact as important and provides updated packages to fix the vulnerability.
Potential Impact
The out-of-bounds read vulnerability in libsoup3 could allow an attacker to cause improper memory access when handling cookie date values. This may lead to application crashes or potentially expose sensitive memory contents. The advisory rates the security impact as important, indicating a significant but not critical risk. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has released official security updates for libsoup3 in Red Hat Enterprise Linux 10 and its extended update support variants. Users should apply the updates as described in the Red Hat advisory RHSA-2025:18183 and the referenced article https://access.redhat.com/articles/11258 to remediate the vulnerability. Applying these patches will fix the out-of-bounds read issue in the cookie date handling code. No additional mitigation steps are indicated by the vendor.
Red Hat Security Advisory: libsoup3 security update
Description
A security vulnerability (CVE-2025-11021) has been identified in libsoup3, an HTTP library used in Red Hat Enterprise Linux 10. The issue is an out-of-bounds read in the cookie date handling functionality of the libsoup HTTP library. Red Hat has issued an important security update to address this vulnerability in multiple Red Hat Enterprise Linux 10 variants and related products. The update fixes the out-of-bounds read flaw to prevent potential security issues related to improper memory access.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2025-11021 in libsoup3 is an out-of-bounds read in the cookie date handling code of the libsoup HTTP library, which is implemented in C and used in GNOME applications for asynchronous HTTP access. This flaw could lead to reading memory outside the intended buffer boundaries. Red Hat has released security updates for Red Hat Enterprise Linux 10 and its extended update support versions across multiple architectures (x86_64, s390x, ppc64le, aarch64) to remediate this issue. The advisory classifies the impact as important and provides updated packages to fix the vulnerability.
Potential Impact
The out-of-bounds read vulnerability in libsoup3 could allow an attacker to cause improper memory access when handling cookie date values. This may lead to application crashes or potentially expose sensitive memory contents. The advisory rates the security impact as important, indicating a significant but not critical risk. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has released official security updates for libsoup3 in Red Hat Enterprise Linux 10 and its extended update support variants. Users should apply the updates as described in the Red Hat advisory RHSA-2025:18183 and the referenced article https://access.redhat.com/articles/11258 to remediate the vulnerability. Applying these patches will fix the out-of-bounds read issue in the cookie date handling code. No additional mitigation steps are indicated by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:18183
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a3da1e04853345fc182b9f5
Added to database: 06/25/2026, 21:47:12 UTC
Last enriched: 06/25/2026, 22:27:50 UTC
Last updated: 06/26/2026, 17:47:06 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.