A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.
Fixes

Solution

No solution given by the vendor.


Workaround

Currently, no mitigation is available for this vulnerability.

History

Thu, 29 May 2025 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Thu, 29 May 2025 07:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb
References

Wed, 21 May 2025 21:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10

Tue, 15 Apr 2025 02:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 14 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 14 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.
Title Libsoup: null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an unauthorized response with digest authentication
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-476
CPEs cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T18:20:32.238Z

Reserved: 2025-04-14T01:59:13.827Z

Link: CVE-2025-32910

cve-icon Vulnrichment

Updated: 2025-04-14T14:54:39.287Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-04-14T15:15:25.307

Modified: 2025-05-29T07:15:24.627

Link: CVE-2025-32910

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-04-14T00:00:00Z

Links: CVE-2025-32910 - Bugzilla

cve-icon OpenCVE Enrichment

No data.