SUSE update for libsoup2

Published: 2025-09-06

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2025-4945
CWE-ID	CWE-190
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Linux Enterprise Micro for Rancher Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system libsoup2-devel-64bit Operating systems & Components / Operating system package or component libsoup-2_4-1-64bit-debuginfo Operating systems & Components / Operating system package or component libsoup-2_4-1-64bit Operating systems & Components / Operating system package or component libsoup2-lang Operating systems & Components / Operating system package or component libsoup-2_4-1-32bit-debuginfo Operating systems & Components / Operating system package or component libsoup-2_4-1-32bit Operating systems & Components / Operating system package or component libsoup2-devel-32bit Operating systems & Components / Operating system package or component libsoup2-devel Operating systems & Components / Operating system package or component libsoup-2_4-1 Operating systems & Components / Operating system package or component typelib-1_0-Soup-2_4 Operating systems & Components / Operating system package or component libsoup2-debugsource Operating systems & Components / Operating system package or component libsoup-2_4-1-debuginfo Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Integer overflow

EUVDB-ID: #VU109946

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-4945

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when handling cookies. A remote attacker can trick the victim into visiting a specially crafted website, trigger an integer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected package libsoup2 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.3 - 5.5

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

openSUSE Leap: 15.4

libsoup2-devel-64bit: before 2.74.2-150400.3.12.1

libsoup-2_4-1-64bit-debuginfo: before 2.74.2-150400.3.12.1

libsoup-2_4-1-64bit: before 2.74.2-150400.3.12.1

libsoup2-lang: before 2.74.2-150400.3.12.1

libsoup-2_4-1-32bit-debuginfo: before 2.74.2-150400.3.12.1

libsoup-2_4-1-32bit: before 2.74.2-150400.3.12.1

libsoup2-devel-32bit: before 2.74.2-150400.3.12.1

libsoup2-devel: before 2.74.2-150400.3.12.1

libsoup-2_4-1: before 2.74.2-150400.3.12.1

typelib-1_0-Soup-2_4: before 2.74.2-150400.3.12.1

libsoup2-debugsource: before 2.74.2-150400.3.12.1

libsoup-2_4-1-debuginfo: before 2.74.2-150400.3.12.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503091-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.