CVE-2025-32914

HIGH

libsoup - Memory Corruption

Title source: llm

Description

A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.

References (16)

Core 16

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:21657

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:7505

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:8126

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:8132

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:8139

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:8140

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:8252

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:8480

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:8481

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:8482

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:8663

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9179

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2025-32914

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2359358

https://gitlab.gnome.org/GNOME/libsoup/-/issues/436

Mailing List

https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html

Scores

CVSS v3 7.4

EPSS 0.0052

EPSS Percentile 66.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (15)

Red Hat/Red Hat Enterprise Linux 10 0:3.6.5-3.el10_0

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:2.62.2-6.el7_9

Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:2.62.2-9.el7_9

Red Hat/Red Hat Enterprise Linux 8 0:2.62.3-9.el8_10

Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support 0:2.62.3-1.el8_2.5

Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 0:2.62.3-2.el8_4.5

Red Hat/Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support 0:2.62.3-2.el8_6.5

Red Hat/Red Hat Enterprise Linux 8.6 Telecommunications Update Service 0:2.62.3-2.el8_6.5

Red Hat/Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions 0:2.62.3-2.el8_6.5

... and 5 more

Published Apr 14, 2025

Tracked Since Feb 18, 2026