CVE-2025-32908

HIGH

Red Hat Enterprise Linux 10 - Denial of Service via HTTP/2 Pseudo-Header Validation Bypass

Title source: llm
STIX 2.1

Description

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).

References (5)

Core 5

Scores

CVSS v3 7.5
EPSS 0.0053
EPSS Percentile 41.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-115
Status published
Products (6)
Red Hat/Red Hat Enterprise Linux 10 0:3.6.5-3.el10_0
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Red Hat/Red Hat In-Vehicle Operating System 1
Published Apr 14, 2025
Tracked Since Feb 18, 2026