PT-2025-16235 · Gnome+11 · Gnome Libsoup+11

Published

2025-01-01

Updated

2026-03-10

CVE-2025-32911

CVSS v3.1

9.0

Critical

Vector

AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libsoup (affected versions not specified)

Description A use-after-free type vulnerability was found in libsoup, in the soup message headers get content disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server. The vulnerability can be exploited by sending a specially crafted POST request, potentially allowing a remote attacker to execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-590

Related Identifiers

ALSA-2025:4560

ALSA-2025:7436

ALSA-2025:8292

ALT-PU-2025-10633

ALT-PU-2025-10672

AZL-60489

AZL-60547

BDU:2025-04723

CESA-2025_4560

CESA-2025_8292

CVE-2025-32911

DLA-4140-1

INFSA-2025_4560

INFSA-2025_7436

INFSA-2025_8292

MGASA-2025-0261

OESA-2025-1460

OPENSUSE-SU-2025_1504-1

RHSA-2025:4439

RHSA-2025:4440

RHSA-2025:4508

RHSA-2025:4538

RHSA-2025:4560

RHSA-2025:4568

RHSA-2025:4609

RHSA-2025:4624

RHSA-2025:7436

RHSA-2025:8292

RHSA-2025:9179

RHSA-2025_4560

RHSA-2025_7436

RHSA-2025_8292

SUSE-SU-2025:01504-1

SUSE-SU-2025:01794-1

SUSE-SU-2025:01801-1

SUSE-SU-2025:01802-1

SUSE-SU-2025:01864-1

SUSE-SU-2025:1504-1

SUSE-SU-2025:20375-1

SUSE-SU-2025:20446-1

SUSE-SU-2025:4514-1

SUSE-SU-2025_01794-1

USN-7490-1

USN-7490-3

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Gnome Libsoup

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2025-16235 · Gnome+11 · Gnome Libsoup+11

CVE-2025-32911

Weakness Enumeration

Related Identifiers

Affected Products

References · 169