PT-2025-21746 · Libsoup+5 · Libsoup+5

Published

2025-05-15

Updated

2026-05-06

CVE-2025-4476

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: libsoup (affected versions not specified)

Description: A denial-of-service issue has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-61902

AZL-61910

BDU:2025-10928

CVE-2025-4476

DLA-4398-1

MGASA-2025-0261

OESA-2025-1632

OESA-2025-2279

OPENSUSE-SU-2025:15185-1

OPENSUSE-SU-2026:10166-1

OPENSUSE-SU-2026:20354-1

SUSE-SU-2025:01812-1

SUSE-SU-2025:01817-1

SUSE-SU-2025:20453-1

SUSE-SU-2025:20598-1

SUSE-SU-2025_01812-1

SUSE-SU-2025_01817-1

SUSE-SU-2026:0469-1

SUSE-SU-2026:0497-1

SUSE-SU-2026:0574-1

SUSE-SU-2026:0703-1

USN-7543-1

Affected Products

Astra Linux

Debian

Linuxmint

Suse

Ubuntu

Libsoup

PT-2025-21746 · Libsoup+5 · Libsoup+5

CVE-2025-4476

Weakness Enumeration

Related Identifiers

Affected Products

References · 93