#VU109945 Integer underflow in libsoup - CVE-2025-4948


Vulnerability identifier: #VU109945

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-4948

CWE-ID: CWE-191

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libsoup
Universal components / Libraries / Libraries used by multiple products

Vendor: Gnome Development Team

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer underflow within the soup_multipart_new_from_message() function when handling multipart messages. A remote attacker can trick the victim into visiting a specially crafted website, trigger an integer underflow and crash the application.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

libsoup: All versions

External links
https://bugzilla.redhat.com/show_bug.cgi?id=2367183

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for libsoup
Anolis OS update for libsoup
SUSE update for libsoup
SUSE update for libsoup2
SUSE update for libsoup
Red Hat Enterprise Linux 8 update for libsoup
Red Hat Enterprise Linux 9 update for libsoup
Red Hat Enterprise Linux 8 update for libsoup
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.18
SUSE update for libsoup