CVE-2025-46421
MEDIUMRed Hat Enterprise Linux - Unauthorized Authorization Header Exposure via HTTP Redirect
Title source: llmDescription
A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.
References (13)
Core 13
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4439
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4440
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4508
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4538
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4560
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4568
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4609
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4624
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:7436
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:7505
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-46421
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2361962
Issue Tracking
https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
Scores
CVSS v3
6.8
EPSS
0.0046
EPSS Percentile
36.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-497
Status
published
Products (16)
Red Hat/Red Hat Enterprise Linux 10
0:3.6.5-3.el10_0
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
0:2.62.3-8.el8_10
Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support
0:2.62.3-1.el8_2.4
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
0:2.62.3-2.el8_4.4
Red Hat/Red Hat Enterprise Linux 8.4 Telecommunications Update Service
0:2.62.3-2.el8_4.4
Red Hat/Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
0:2.62.3-2.el8_4.4
Red Hat/Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
0:2.62.3-2.el8_6.4
Red Hat/Red Hat Enterprise Linux 8.6 Telecommunications Update Service
0:2.62.3-2.el8_6.4
... and 6 more
Published
Apr 24, 2025
Tracked Since
Feb 18, 2026