CVE-2025-12105

EUVD-2025-35663

23.10.2025, 10:15

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhat	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Ubuntu Releases

Ubuntu Product

Codename

libsoup2.4

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	not-affected
plucky	not-affected
questing	not-affected
xenial	not-affected

libsoup3

jammy	Fixed 3.0.7-0ubuntu1+esm6 released
noble	Fixed 3.4.4-5ubuntu0.6 released
plucky	Fixed 3.6.5-1ubuntu0.3 released
questing	Fixed 3.6.5-4ubuntu0.1 released

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Vulnerability Media Exposure

[GERMAN] Red Hat Enterprise Linux (libsoup): Schwachstelle ermöglicht Denial of Service
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux (libsoup) ausnutzen, um einen Denial of Service Angriff durchzuführen.
Published: 2025-12-11T23:00:00+00:00

References

https://access.redhat.com/errata/RHSA-2025:23139

https://access.redhat.com/errata/RHSA-2025:23437

https://access.redhat.com/security/cve/CVE-2025-12105

https://bugzilla.redhat.com/show_bug.cgi?id=2405992