CVE-2025-32906 - Vulnerability Details

A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0033.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 10
libsoup3-0:3.6.5-3.el10_0	cpe:/o:redhat:enterprise_linux:10.0	RHSA-2025:7505	2025-05-13T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Support
libsoup-0:2.62.2-6.el7_9	cpe:/o:redhat:rhel_els:7	RHSA-2025:9179	2025-06-17T00:00:00Z
Red Hat Enterprise Linux 8
libsoup-0:2.62.3-8.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:4560	2025-05-06T00:00:00Z
mingw-freetype-0:2.8-3.el8_10.1	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:8292	2025-05-29T00:00:00Z
spice-client-win-0:8.10-1	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:8292	2025-05-29T00:00:00Z
libsoup-0:2.62.3-8.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2025:4560	2025-05-06T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
libsoup-0:2.62.3-1.el8_2.4	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:4538	2025-05-06T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
libsoup-0:2.62.3-2.el8_4.4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:4609	2025-05-07T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
libsoup-0:2.62.3-2.el8_4.4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:4609	2025-05-07T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
libsoup-0:2.62.3-2.el8_4.4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:4609	2025-05-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
libsoup-0:2.62.3-2.el8_6.4	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:4624	2025-05-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
libsoup-0:2.62.3-2.el8_6.4	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:4624	2025-05-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
libsoup-0:2.62.3-2.el8_6.4	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:4624	2025-05-07T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
libsoup-0:2.62.3-3.el8_8.4	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:4568	2025-05-06T00:00:00Z
Red Hat Enterprise Linux 9
libsoup-0:2.72.0-10.el9_6.1	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:7436	2025-05-13T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
libsoup-0:2.72.0-8.el9_0.4	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:4439	2025-05-05T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
libsoup-0:2.72.0-8.el9_2.4	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:4508	2025-05-06T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
libsoup-0:2.72.0-8.el9_4.4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:4440	2025-05-05T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-4140-1	libsoup2.4 security update
EUVD	EUVD-2025-10898	A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
Ubuntu USN	USN-7490-1	libsoup vulnerabilities
Ubuntu USN	USN-7490-3	libsoup vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

Currently, no mitigation was found for this vulnerability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:4439
https://access.redhat.com/errata/RHSA-2025:4440
https://access.redhat.com/errata/RHSA-2025:4508
https://access.redhat.com/errata/RHSA-2025:4538
https://access.redhat.com/errata/RHSA-2025:4560
https://access.redhat.com/errata/RHSA-2025:4568
https://access.redhat.com/errata/RHSA-2025:4609
https://access.redhat.com/errata/RHSA-2025:4624
https://access.redhat.com/errata/RHSA-2025:7436
https://access.redhat.com/errata/RHSA-2025:7505
https://access.redhat.com/errata/RHSA-2025:8292
https://access.redhat.com/errata/RHSA-2025:9179
https://access.redhat.com/security/cve/CVE-2025-32906
https://bugzilla.redhat.com/show_bug.cgi?id=2359341
https://nvd.nist.gov/vuln/detail/CVE-2025-32906
https://www.cve.org/CVERecord?id=CVE-2025-32906

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00835}`	epss `{'score': 0.01119}`

Tue, 17 Jun 2025 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs	~~cpe:/o:redhat:enterprise_linux:7~~	cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Els
References		https://access.redhat.com/errata/RHSA-2025:9179

Thu, 29 May 2025 07:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8::crb
References		https://access.redhat.com/errata/RHSA-2025:8292

Wed, 14 May 2025 03:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9

Tue, 13 May 2025 20:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10.0
References		https://access.redhat.com/errata/RHSA-2025:7505

Tue, 13 May 2025 14:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream
References		https://access.redhat.com/errata/RHSA-2025:7436

Wed, 07 May 2025 15:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6 cpe:/o:redhat:enterprise_linux:8

Wed, 07 May 2025 08:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products		Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:4609 https://access.redhat.com/errata/RHSA-2025:4624

Tue, 06 May 2025 20:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:rhel_eus:8.8::appstream cpe:/a:redhat:rhel_eus:9.2::appstream cpe:/o:redhat:enterprise_linux:8::baseos cpe:/o:redhat:rhel_eus:8.8::baseos
References		https://access.redhat.com/errata/RHSA-2025:4508 https://access.redhat.com/errata/RHSA-2025:4560 https://access.redhat.com/errata/RHSA-2025:4568

Tue, 06 May 2025 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus
CPEs		cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/o:redhat:rhel_aus:8.2::baseos
Vendors & Products		Redhat rhel Aus
References		https://access.redhat.com/errata/RHSA-2025:4538

Mon, 05 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:9.4

Mon, 05 May 2025 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:4440

Mon, 05 May 2025 02:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream
Vendors & Products		Redhat rhel E4s
References		https://access.redhat.com/errata/RHSA-2025:4439

Tue, 15 Apr 2025 02:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-32906 https://www.cve.org/CVERecord?id=CVE-2025-32906
Metrics	threat_severity `None`	threat_severity `Important`

Mon, 14 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 14 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
Title		Libsoup: out of bounds reads in soup_headers_parse_request()
First Time appeared		Redhat Redhat enterprise Linux
Weaknesses		CWE-125
CPEs		cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2025-32906 https://bugzilla.redhat.com/show_bug.cgi?id=2359341
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-04-14T13:58:39.718Z

Updated: 2025-07-29T00:25:03.495Z

Reserved: 2025-04-14T01:37:48.152Z

Link: CVE-2025-32906

Vulnrichment

Updated: 2025-04-14T14:13:53.091Z

NVD

Status : Awaiting Analysis

Published: 2025-04-14T14:15:24.433

Modified: 2025-06-17T12:15:24.950

Link: CVE-2025-32906

Redhat

Severity : Important

Publid Date: 2025-04-14T00:00:00Z

Links: CVE-2025-32906 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object