CVE-2025-11021

EUVD-2025-31225
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
| --- | --- | --- | --- | --- | --- | --- |
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score
Percentile: 22%
openSUSE / SLES Releases
libsoup-3_0-0

| openSUSE Product | Release | Status |
| --- | --- | --- |
| suse enterprise desktop 15 SP6 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise desktop 15 SP7 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise sap 15 SP4 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise sap 15 SP5 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise sap 15 SP6 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise sap 15 SP7 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise server 15 SP4 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise server 15 SP5 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise server 15 SP6 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise server 15 SP7 | 3.4.4-150600.3.18.1 | fixed |

libsoup-devel

| openSUSE Product | Release | Status |
| --- | --- | --- |
| suse enterprise desktop 15 SP6 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise desktop 15 SP7 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise sap 15 SP4 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise sap 15 SP5 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise sap 15 SP6 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise sap 15 SP7 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise server 15 SP4 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise server 15 SP5 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise server 15 SP6 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise server 15 SP7 | 3.4.4-150600.3.18.1 | fixed |

libsoup-lang

| openSUSE Product | Release | Status |
| --- | --- | --- |
| suse enterprise desktop 15 SP6 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise desktop 15 SP7 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise sap 15 SP4 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise sap 15 SP5 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise sap 15 SP6 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise sap 15 SP7 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise server 15 SP4 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise server 15 SP5 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise server 15 SP6 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise server 15 SP7 | 3.4.4-150600.3.18.1 | fixed |

typelib-1_0-Soup-3_0

| openSUSE Product | Release | Status |
| --- | --- | --- |
| suse enterprise desktop 15 SP6 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise desktop 15 SP7 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise sap 15 SP4 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise sap 15 SP5 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise sap 15 SP6 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise sap 15 SP7 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise server 15 SP4 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise server 15 SP5 | 3.0.4-150400.3.18.1 | fixed |
| suse enterprise server 15 SP6 | 3.4.4-150600.3.18.1 | fixed |
| suse enterprise server 15 SP7 | 3.4.4-150600.3.18.1 | fixed |
Red Hat Enterprise Linux Releases
libsoup

| Red Hat Product | Release | Status |
| --- | --- | --- |
| RHEL 8 | 0:2.62.3-10.el8_10 | fixed |
| RHEL 8.2 AUS | 0:2.62.3-1.el8_2.6 | fixed |
| RHEL 8.4 AUS | 0:2.62.3-2.el8_4.6 | fixed |
| RHEL 8.6 AUS | 0:2.62.3-2.el8_6.6 | fixed |
| RHEL 8.6 E4S | 0:2.62.3-2.el8_6.6 | fixed |
| RHEL 8.6 TUS | 0:2.62.3-2.el8_6.6 | fixed |
| RHEL 8.8 E4S | 0:2.62.3-3.el8_8.6 | fixed |
| RHEL 9 | 0:2.72.0-12.el9_7.1 | fixed |

libsoup-devel

| Red Hat Product | Release | Status |
| --- | --- | --- |
| RHEL 8 | 0:2.62.3-10.el8_10 | fixed |
| RHEL 8.2 AUS | 0:2.62.3-1.el8_2.6 | fixed |
| RHEL 8.4 AUS | 0:2.62.3-2.el8_4.6 | fixed |
| RHEL 8.6 AUS | 0:2.62.3-2.el8_6.6 | fixed |
| RHEL 8.6 E4S | 0:2.62.3-2.el8_6.6 | fixed |
| RHEL 8.6 TUS | 0:2.62.3-2.el8_6.6 | fixed |
| RHEL 8.8 E4S | 0:2.62.3-3.el8_8.6 | fixed |
| RHEL 9 | 0:2.72.0-12.el9_7.1 | fixed |