CVE-2025-9901

03.09.2025, 13:15

A flaw was found in libsoups caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be incorrectly reused across different requests, potentially exposing sensitive user information. While the issue is unlikely to affect everyday desktop use, it could result in confidentiality breaches in proxy or multi-user environments.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
redhat	CNA	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Debian Releases

Debian Product

Codename

libsoup2.4

bullseye	vulnerable
trixie	no-dsa
bookworm	no-dsa
bullseye (security)	vulnerable
forky	vulnerable
sid	vulnerable

libsoup3

bookworm	no-dsa
trixie	no-dsa
forky	vulnerable
sid	vulnerable

Common Weakness Enumeration

CWE-524 - Use of Cache Containing Sensitive Information
The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

References

https://access.redhat.com/security/cve/CVE-2025-9901

https://bugzilla.redhat.com/show_bug.cgi?id=2392790