Red Hat Security Advisory: libsoup3 security update
Two security vulnerabilities have been identified in libsoup3, an HTTP library used by GNOME applications. The issues include an integer overflow and an out-of-bounds read in cookie expiration date handling. These vulnerabilities could potentially affect applications relying on libsoup3 for HTTP communication. Red Hat has released security updates addressing these flaws for Red Hat Enterprise Linux 10 and related products.
AI Analysis
Technical Summary
Libsoup3, a C-based HTTP library designed for asynchronous network communication in GNOME applications, contains two vulnerabilities: an integer overflow (CVE-2025-4945) and an out-of-bounds read (CVE-2025-11021) both related to cookie expiration date handling. These flaws could lead to memory corruption or unexpected behavior when processing HTTP cookies. Red Hat Product Security has issued an advisory (RHSA-2025:21032) and released updated libsoup3 packages for Red Hat Enterprise Linux 10 and its variants to remediate these issues.
Potential Impact
The integer overflow and out-of-bounds read vulnerabilities in libsoup3 may allow an attacker to cause memory corruption or application crashes when handling HTTP cookie expiration dates. This could impact the stability and security of applications using libsoup3 for HTTP communication, potentially leading to denial of service or other unintended behaviors. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has released updated libsoup3 packages that fix these vulnerabilities. Users of Red Hat Enterprise Linux 10 and related products should apply the security update described in advisory RHSA-2025:21032 promptly. For detailed update instructions, refer to https://access.redhat.com/articles/11258. No additional mitigation actions are required beyond applying the official patch.
Red Hat Security Advisory: libsoup3 security update
Description
Two security vulnerabilities have been identified in libsoup3, an HTTP library used by GNOME applications. The issues include an integer overflow and an out-of-bounds read in cookie expiration date handling. These vulnerabilities could potentially affect applications relying on libsoup3 for HTTP communication. Red Hat has released security updates addressing these flaws for Red Hat Enterprise Linux 10 and related products.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Libsoup3, a C-based HTTP library designed for asynchronous network communication in GNOME applications, contains two vulnerabilities: an integer overflow (CVE-2025-4945) and an out-of-bounds read (CVE-2025-11021) both related to cookie expiration date handling. These flaws could lead to memory corruption or unexpected behavior when processing HTTP cookies. Red Hat Product Security has issued an advisory (RHSA-2025:21032) and released updated libsoup3 packages for Red Hat Enterprise Linux 10 and its variants to remediate these issues.
Potential Impact
The integer overflow and out-of-bounds read vulnerabilities in libsoup3 may allow an attacker to cause memory corruption or application crashes when handling HTTP cookie expiration dates. This could impact the stability and security of applications using libsoup3 for HTTP communication, potentially leading to denial of service or other unintended behaviors. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has released updated libsoup3 packages that fix these vulnerabilities. Users of Red Hat Enterprise Linux 10 and related products should apply the security update described in advisory RHSA-2025:21032 promptly. For detailed update instructions, refer to https://access.redhat.com/articles/11258. No additional mitigation actions are required beyond applying the official patch.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:21032
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-11021"]
- Cvss Version
- null
Threat ID: 6a3da1dd4853345fc182a21d
Added to database: 06/25/2026, 21:47:09 UTC
Last enriched: 06/25/2026, 22:23:11 UTC
Last updated: 06/26/2026, 17:49:01 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.