Description
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
Published: 2025-04-03
Score: 6.5 Medium
EPSS: 1.1% Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

Libsoup, a widely used HTTP client library, contains a heap buffer over‑read in the sniff_unknown() function. The bug allows an attacker to read memory beyond the bounds of a heap buffer during content‑type analysis, potentially exposing sensitive information or leading to memory corruption. The input does not mention execution of arbitrary code, but such an information leak or crash could be leveraged in further attacks or as part of a broader compromise. The weakness corresponds to CWE‑126, i.e., a buffer over‑read vulnerability that can compromise data confidentiality and system reliability.

Affected Systems

The flaw affects all Red Hat Enterprise Linux releases from 6 through 10, including the 8.8 Extended Update Support (EUS), 9.2 EUS, and 9.4 EUS branches. Systems running any of these platforms that incorporate an unpatched version of the libsoup library are affected.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity. An EPSS score of 1% shows a low but non‑zero probability that the vulnerability will be exploited in the wild. The flaw is not listed in CISA’s KEV catalog, so there is no evidence of active exploitation. The likely attack vector involves an adversary sending crafted network traffic—such as a malicious HTTP request—to a service that incorporates libsoup. Since the buffer over‑read occurs during the sniffing of unknown content types, any HTTP client or server that uses libsoup as its transport layer could be a target. The exploit landscape is limited to systems with old or unpatched libsoup installations, and remediation through RHEL errata is available.

Generated by OpenCVE AI on April 22, 2026 at 13:25 UTC.

Remediation

Vendor Workaround

No mitigation is currently available for this vulnerability.

OpenCVE Recommended Actions

  • Update to the latest Red Hat Enterprise Linux packages that provide the patched libsoup implementation via the relevant errata (e.g., RHSA‑2025:4440, RHSA‑2025:4508, RHSA‑2025:4560, RHSA‑2025:4568, RHSA‑2025:7436, or RHSA‑2025:8292).
  • Apply the same upgrade process to systems running extended update support branches (EUS) such as RHEL 8.8 EUS, RHEL 9.2 EUS, and RHEL 9.4 EUS to ensure the vulnerability is fixed.
  • Isolate the affected services or restrict external access to the libraries until the patch is available, mitigating risk of exploitation when immediate patching is not feasible.

Generated by OpenCVE AI on April 22, 2026 at 13:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4140-1 libsoup2.4 security update
EUVD EUVD EUVD-2025-9631 A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
Ubuntu USN Ubuntu USN USN-7432-1 libsoup vulnerabilities
Ubuntu USN Ubuntu USN USN-7565-1 libsoup vulnerabilities
History

Wed, 22 Apr 2026 10:45:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Thu, 29 May 2025 07:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8::crb
References

Wed, 21 May 2025 16:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10

Wed, 14 May 2025 03:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9

Tue, 13 May 2025 21:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
References

Wed, 07 May 2025 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/o:redhat:enterprise_linux:8

Tue, 06 May 2025 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:rhel_eus:8.8::appstream
cpe:/a:redhat:rhel_eus:9.2::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:rhel_eus:8.8::baseos
References

Mon, 05 May 2025 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.4

Mon, 05 May 2025 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products Redhat rhel Eus
References

Fri, 04 Apr 2025 02:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 03 Apr 2025 15:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Thu, 03 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-126
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 03 Apr 2025 14:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
Title Libsoup: heap buffer overflow in sniff_unknown()
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-122
CPEs cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}

Subscriptions

Redhat Enterprise Linux Rhel Eus
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-22T10:16:59.474Z

Reserved: 2025-04-03T01:42:14.135Z

Link: CVE-2025-32052

cve-icon Vulnrichment

Updated: 2025-11-03T19:53:15.629Z

cve-icon NVD

Status : Deferred

Published: 2025-04-03T14:15:44.077

Modified: 2026-04-22T11:16:01.550

Link: CVE-2025-32052

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-04-03T00:00:00Z

Links: CVE-2025-32052 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T13:30:17Z

Weaknesses