PT-2025-22041 · Libsoup+9

Fouzhe · Published 2025-05-19 · Updated 2026-05-15 · CVE-2025-4945

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: libsoup (affected versions not specified)
Description: A flaw was found in the cookie parsing logic of the libsoup HTTP library, which is used in GNOME applications and other software. The issue arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The problem stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:19714
ALSA-2025:20959
ALSA-2025:21032
BDU:2025-10260
CESA-2025_19714
CVE-2025-4945
DLA-4398-1
INFSA-2025_19713
INFSA-2025_19714
INFSA-2025_20959
MGASA-2025-0261
OESA-2026-2337
OESA-2026-2338
OESA-2026-2339
OPENSUSE-SU-2025:15241-1
OPENSUSE-SU-2025:15242-1
RHSA-2025:19713
RHSA-2025:19714
RHSA-2025:19720
RHSA-2025:20959
RHSA-2025:21032
RHSA-2025_19713
RHSA-2025_19714
RHSA-2025_20959
SUSE-SU-2025:02212-1
SUSE-SU-2025:02276-1
SUSE-SU-2025:02277-1
SUSE-SU-2025:02737-1
SUSE-SU-2025:03026-1
SUSE-SU-2025:03091-1
SUSE-SU-2025:20453-1
SUSE-SU-2025:20598-1
SUSE-SU-2025_02276-1
SUSE-SU-2025_02277-1
SUSE-SU-2025_03026-1
USN-7643-1

Affected Products

AlmaLinux
CentOS
Debian
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libsoup