CVE-2025-14523

EUVD-2025-202685

11.12.2025, 13:15

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.

HTTP Request/Response Smuggling

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.2 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
redhat	CNA	8.2 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Debian Releases

Debian Product

Codename

libsoup2.4

bookworm	no-dsa
bullseye	vulnerable
bullseye (security)	vulnerable
trixie	no-dsa

libsoup3

bookworm	no-dsa
forky	3.6.5-9 fixed
sid	3.6.6-1 fixed
trixie	no-dsa

Common Weakness Enumeration

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

References

https://access.redhat.com/errata/RHSA-2026:0421

https://access.redhat.com/errata/RHSA-2026:0422

https://access.redhat.com/errata/RHSA-2026:0423

https://access.redhat.com/errata/RHSA-2026:0836

https://access.redhat.com/errata/RHSA-2026:0867

https://access.redhat.com/errata/RHSA-2026:0868

https://access.redhat.com/errata/RHSA-2026:0905

https://access.redhat.com/errata/RHSA-2026:0906

https://access.redhat.com/errata/RHSA-2026:0907

https://access.redhat.com/errata/RHSA-2026:0908

https://access.redhat.com/errata/RHSA-2026:0909

https://access.redhat.com/errata/RHSA-2026:0911

https://access.redhat.com/errata/RHSA-2026:0925

https://access.redhat.com/errata/RHSA-2026:1509

https://access.redhat.com/errata/RHSA-2026:1569

https://access.redhat.com/errata/RHSA-2026:1570

https://access.redhat.com/errata/RHSA-2026:1571

https://access.redhat.com/errata/RHSA-2026:1572

https://access.redhat.com/security/cve/CVE-2025-14523

https://bugzilla.redhat.com/show_bug.cgi?id=2421349