High severity 7.5 · NVD Advisory · Published Oct 23, 2025 · Updated Apr 15, 2026
CVE-2025-12105
Description
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.
Affected products (25)
osv-coords, 24 versions:
- pkg:rpm/almalinux/libsoup3 (no CPE), range: < 3.6.5-3.el10_1.7
- pkg:rpm/almalinux/libsoup3-devel (no CPE), range: < 3.6.5-3.el10_1.7
- pkg:rpm/almalinux/libsoup3-doc (no CPE), range: < 3.6.5-3.el10_1.7
- pkg:rpm/opensuse/libsoup&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 3.4.4-150600.3.21.1
- pkg:rpm/opensuse/libsoup&distro=openSUSE%20Leap%2016.0 (no CPE), range: < 3.6.6-160000.1.1
- pkg:rpm/opensuse/libsoup&distro=openSUSE%20Tumbleweed (no CPE), range: < 3.6.5-9.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE), range: < 3.0.4-150400.3.21.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE), range: < 3.0.4-150400.3.21.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS (no CPE), range: < 3.0.4-150400.3.21.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS (no CPE), range: < 3.0.4-150400.3.21.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 (no CPE), range: < 3.4.4-150600.3.21.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS (no CPE), range: < 3.0.4-150400.3.21.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS (no CPE), range: < 3.0.4-150400.3.21.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS (no CPE), range: < 3.4.4-150600.3.21.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 (no CPE), range: < 3.6.6-160000.1.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 (no CPE), range: < 3.0.4-150400.3.21.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 (no CPE), range: < 3.0.4-150400.3.21.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6 (no CPE), range: < 3.4.4-150600.3.21.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 (no CPE), range: < 3.6.6-160000.1.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.0 (no CPE), range: < 3.4.2-13.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.1 (no CPE), range: < 3.4.4-slfo.1.1_6.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.2 (no CPE), range: < 3.6.6-160000.1.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Manager%20Proxy%20LTS%204.3 (no CPE), range: < 3.0.4-150400.3.21.1
- pkg:rpm/suse/libsoup&distro=SUSE%20Manager%20Server%20LTS%204.3 (no CPE), range: < 3.0.4-150400.3.21.1