Red Hat Security Advisory: libsoup3 security update
Multiple security vulnerabilities have been identified in libsoup3, an HTTP library used in GNOME applications for asynchronous HTTP access. These include heap buffer over-reads, out-of-bounds reads, denial of service via HTTP/2, NULL pointer dereference in Digest authentication handling, and information disclosure through improper Authorization header forwarding. Red Hat has issued an important security update addressing these issues in Red Hat Enterprise Linux 10 and related products.
AI Analysis
Technical Summary
Libsoup3, a C-based HTTP library used in GNOME applications, contains several vulnerabilities: a heap buffer over-read in skip_insignificant_space (CVE-2025-2784), out-of-bounds reads in soup_headers_parse_request() (CVE-2025-32906), denial of service via HTTP/2 server interactions (CVE-2025-32908), NULL pointer dereference when the server omits the nonce parameter in Digest authentication (CVE-2025-32912), out-of-bounds read in soup_multipart_new_from_message causing crashes (CVE-2025-32914), and information disclosure due to sending Authorization headers to incorrect hosts on redirects (CVE-2025-46421). Red Hat Product Security has released an update for Red Hat Enterprise Linux 10 to address these vulnerabilities.
Potential Impact
These vulnerabilities can lead to application crashes, denial of service conditions, heap buffer over-reads, out-of-bounds memory reads, NULL pointer dereferences, and potential information disclosure through improper handling of HTTP headers. The issues affect the stability and confidentiality of applications using libsoup3 for HTTP communications.
Mitigation Recommendations
Red Hat has released security updates for libsoup3 in Red Hat Enterprise Linux 10 and related variants. Users should apply the official Red Hat update RHSA-2025:7505 to remediate these vulnerabilities. For detailed update instructions, refer to https://access.redhat.com/articles/11258. No additional mitigation steps are indicated beyond applying the vendor-provided patch.
Red Hat Security Advisory: libsoup3 security update
Description
Multiple security vulnerabilities have been identified in libsoup3, an HTTP library used in GNOME applications for asynchronous HTTP access. These include heap buffer over-reads, out-of-bounds reads, denial of service via HTTP/2, NULL pointer dereference in Digest authentication handling, and information disclosure through improper Authorization header forwarding. Red Hat has issued an important security update addressing these issues in Red Hat Enterprise Linux 10 and related products.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Libsoup3, a C-based HTTP library used in GNOME applications, contains several vulnerabilities: a heap buffer over-read in skip_insignificant_space (CVE-2025-2784), out-of-bounds reads in soup_headers_parse_request() (CVE-2025-32906), denial of service via HTTP/2 server interactions (CVE-2025-32908), NULL pointer dereference when the server omits the nonce parameter in Digest authentication (CVE-2025-32912), out-of-bounds read in soup_multipart_new_from_message causing crashes (CVE-2025-32914), and information disclosure due to sending Authorization headers to incorrect hosts on redirects (CVE-2025-46421). Red Hat Product Security has released an update for Red Hat Enterprise Linux 10 to address these vulnerabilities.
Potential Impact
These vulnerabilities can lead to application crashes, denial of service conditions, heap buffer over-reads, out-of-bounds memory reads, NULL pointer dereferences, and potential information disclosure through improper handling of HTTP headers. The issues affect the stability and confidentiality of applications using libsoup3 for HTTP communications.
Mitigation Recommendations
Red Hat has released security updates for libsoup3 in Red Hat Enterprise Linux 10 and related variants. Users should apply the official Red Hat update RHSA-2025:7505 to remediate these vulnerabilities. For detailed update instructions, refer to https://access.redhat.com/articles/11258. No additional mitigation steps are indicated beyond applying the vendor-provided patch.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:7505
- Cve Count
- 6
- Additional Cves
- ["CVE-2025-32906","CVE-2025-32908","CVE-2025-32912","CVE-2025-32914","CVE-2025-46421"]
- Cvss Version
- null
Threat ID: 6a3da1d24853345fc1825c49
Added to database: 06/25/2026, 21:46:58 UTC
Last enriched: 06/25/2026, 22:11:40 UTC
Last updated: 06/26/2026, 17:49:01 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.