PT-2025-22020 · Libsoup +10

Fouzhe +1 · Published 2025-05-19 · Updated 2026-05-15 · CVE-2025-4948

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: libsoup (affected versions not specified)
Description: A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library. The issue occurs when the library processes specially crafted multipart messages, leading to improper validation and an internal calculation error, which can cause an integer underflow. This can result in the program accessing invalid memory and crashing, creating a denial-of-service risk.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Integer Underflow

Weakness Enumeration

Related Identifiers

ALSA-2025:8126
ALSA-2025:8128
ALSA-2025:8132
AZL-61921
AZL-61953
BDU:2025-07136
CESA-2025_8132
CVE-2025-4948
DLA-4398-1
INFSA-2025_8126
INFSA-2025_8132
OESA-2025-1632
OESA-2026-2337
OESA-2026-2338
OESA-2026-2339
OPENSUSE-SU-2025:15185-1
OPENSUSE-SU-2025:15189-1
RHSA-2025:8126
RHSA-2025:8128
RHSA-2025:8132
RHSA-2025:8139
RHSA-2025:8140
RHSA-2025:8252
RHSA-2025:8480
RHSA-2025:8481
RHSA-2025:8482
RHSA-2025:8663
RHSA-2025:9179
RHSA-2025_8126
RHSA-2025_8132
SUSE-SU-2025:01794-1
SUSE-SU-2025:01801-1
SUSE-SU-2025:01802-1
SUSE-SU-2025:01812-1
SUSE-SU-2025:01817-1
SUSE-SU-2025:01864-1
SUSE-SU-2025:20453-1
SUSE-SU-2025:20598-1
SUSE-SU-2025_01794-1
SUSE-SU-2025_01812-1
SUSE-SU-2025_01817-1
USN-7643-1

Affected Products

Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Libsoup