CVE-2025-11021

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions libsoup (affected versions not specified)

Description A flaw exists in the cookie date handling logic of the libsoup HTTP library. Processing cookies with crafted expiration dates may lead to an out-of-bounds memory read, potentially exposing sensitive information from the process using libsoup.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2025:18183

ALSA-2025:19714

ALSA-2025:20959

ALSA-2025:21032

AZL-67860

AZL-67875

BDU:2026-02735

CESA-2025_19714

CVE-2025-11021

ECHO-692B-622B-7965

INFSA-2025_19713

INFSA-2025_19714

INFSA-2025_20959

OPENSUSE-SU-2025:15633-1

OPENSUSE-SU-2026:20142-1

RHSA-2025:18183

RHSA-2025:19713

RHSA-2025:19714

RHSA-2025:20959

RHSA-2025:21032

RHSA-2025:21655

RHSA-2025:21656

RHSA-2025:21657

RHSA-2025:21664

RHSA-2025:21665

RHSA-2025:21666

RHSA-2025:21772

RHSA-2025:22013

RHSA-2025_19713

RHSA-2025_19714

RHSA-2025_20959

SUSE-SU-2025:20937-1

SUSE-SU-2025:20965-1

SUSE-SU-2025:3752-1

SUSE-SU-2025:3753-1

SUSE-SU-2025_3752-1

SUSE-SU-2025_3753-1

SUSE-SU-2026:20205-1

SUSE-SU-2026:20212-1

Affected Products

Almalinux

Centos

Debian

Red Hat

Rocky Linux

Suse

Libsoup

CVE-2025-11021

Weakness Enumeration

Related Identifiers

Affected Products

References · 72