PT-2025-35713 · Libsoup+1
Zkbytes · Published 2025-09-03 · Updated 2026-05-06 · CVE-2025-9901
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
libsoup (affected versions not specified)
Description
A flaw exists in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. The HTTP Vary header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be incorrectly reused across different requests, potentially exposing sensitive user information. This issue could result in confidentiality breaches in proxy or multi-user environments.
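The Vary check described above, modelled as an added Python example; it is not libsoup's SoupCache code and does not come from this advisory. The class `ToyCache`, the `honor_vary` flag, the URL and the token values are constructed for illustration: with `honor_vary=False` the cache matches on URL alone, and with `honor_vary=True` it compares the request headers named in Vary before reusing a stored response.

```python
# Added illustration: a toy in-memory HTTP cache, not libsoup's SoupCache code.
def _lower(headers):
    return {k.lower(): v for k, v in headers.items()}

def _norm(value):
    # None means the header was absent; otherwise collapse whitespace.
    return None if value is None else " ".join(value.split())

class ToyCache:
    def __init__(self, honor_vary):
        self.honor_vary = honor_vary
        self.entries = {}  # url -> list of (selecting request headers, body)

    def store(self, url, request_headers, response_headers, body):
        req = _lower(request_headers)
        vary = _lower(response_headers).get("vary", "")
        names = [n.strip().lower() for n in vary.split(",") if n.strip()]
        # Remember the request header values the origin said it varied on.
        selecting = {n: _norm(req.get(n)) for n in names}
        self.entries.setdefault(url, []).append((selecting, body))

    def lookup(self, url, request_headers):
        req = _lower(request_headers)
        for selecting, body in self.entries.get(url, []):
            if not self.honor_vary:
                return body  # URL match only: Vary ignored, as the advisory describes
            if "*" in selecting:
                continue  # "Vary: *" never matches a later request (RFC 9111, 4.1)
            if all(_norm(req.get(n)) == v for n, v in selecting.items()):
                return body
        return None  # miss: the caller must go to the origin

URL = "https://app.example/profile"  # constructed sample URL

def demo(honor_vary, second_token):
    cache = ToyCache(honor_vary)
    # Constructed exchange: first user's response is stored with Vary: Authorization.
    cache.store(URL, {"Authorization": "Bearer token-user-a"},
                {"Vary": "Authorization"}, "profile of user A")
    return cache.lookup(URL, {"Authorization": second_token})

if __name__ == "__main__":
    print(demo(False, "Bearer token-user-b"))  # served from cache across users
    print(demo(True, "Bearer token-user-b"))   # miss
    print(demo(True, "Bearer token-user-a"))   # hit for the same user
```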
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Debian
Libsoup