CVE-2025-9901

Name of the Vulnerable Software and Affected Versions libsoup (affected versions not specified)

Description A flaw exists in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. The HTTP Vary header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be incorrectly reused across different requests, potentially exposing sensitive user information. This issue could result in confidentiality breaches in proxy or multi-user environments.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.