PT-2025-17731 · Libsoup+9

Published: 2025-04-24 · Updated: 2025-11-05 · CVE-2025-46421

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

libsoup (affected versions not specified)

Description

A flaw was found in libsoup where clients encountering an HTTP redirect mistakenly send the HTTP Authorization header to the new host. This allows the new host to impersonate the user to the original host that issued the redirect.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

ALSA-2025:4560
ALSA-2025:7436
ALSA-2025:7505
AZL-61498
AZL-61630
BDU:2025-07135
CESA-2025_4560
CVE-2025-46421
INFSA-2025_4560
INFSA-2025_7436
MGASA-2025-0261
OESA-2025-1485
OPENSUSE-SU-2025:15044-1
OPENSUSE-SU-2025_1503-1
OPENSUSE-SU-2025_1504-1
OPENSUSE-SU-2025_1509-1
OPENSUSE-SU-2025_1510-1
RHSA-2025:4439
RHSA-2025:4440
RHSA-2025:4508
RHSA-2025:4538
RHSA-2025:4560
RHSA-2025:4568
RHSA-2025:4609
RHSA-2025:4624
RHSA-2025:7436
RHSA-2025:7505
RHSA-2025_4560
RHSA-2025_7436
SUSE-SU-2025:01503-1
SUSE-SU-2025:01504-1
SUSE-SU-2025:1503-1
SUSE-SU-2025:1504-1
SUSE-SU-2025:1509-1
SUSE-SU-2025:1510-1
SUSE-SU-2025:1518-1
SUSE-SU-2025:1519-1
SUSE-SU-2025:20375-1
SUSE-SU-2025:20446-1
USN-7490-1
USN-7490-3

Affected Products

AlmaLinux
CentOS
Debian
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libsoup