CVE-2025-4969

A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
redhatCNA
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Debian logo
Debian Releases
Debian Product
Codename
libsoup2.4
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
sid
vulnerable
trixie
vulnerable
libsoup3
bookworm
vulnerable
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsoup2.4
plucky
deferred
oracular
deferred
noble
deferred
jammy
deferred
focal
deferred
bionic
deferred
xenial
deferred
libsoup3
plucky
deferred
oracular
deferred
noble
deferred
jammy
deferred
focal
dne
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2025-4969
https://bugzilla.redhat.com/show_bug.cgi?id=2367552