PT-2025-43435 · Gnome+3 · Libsoup+3

Published: 2025-10-23 · Updated: 2026-05-15 · CVE-2025-12105

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libsoup versions prior to 3.6.5-1ubuntu0.3

Description

The libsoup library contains a flaw in its asynchronous message queue handling, specifically when managing HTTP/2 communications. When network operations are aborted at certain times, an internal message queue item can be freed twice due to a lack of state synchronization. This results in a use-after-free memory access, which can cause the affected application to crash. An attacker could potentially exploit this behavior remotely by sending specific HTTP/2 read and cancel sequences, leading to a denial-of-service condition.

Recommendations

Update to libsoup version 3.6.5-1ubuntu0.3 or later.

Fix

DoS

RCE

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:23139
AZL-72841
CVE-2025-12105
OESA-2026-2337
OESA-2026-2338
OESA-2026-2339
OPENSUSE-SU-2025:15766-1
OPENSUSE-SU-2026:20384-1
RHSA-2025:23139
RHSA-2025:23437
SUSE-SU-2025:4514-1
SUSE-SU-2026:0017-1
SUSE-SU-2026:20360-1
SUSE-SU-2026:20529-1
SUSE-SU-2026:20752-1
SUSE-SU-2026:20902-1
USN-7932-1

Affected Products

Debian
Linuxmint
Ubuntu
Libsoup