VYPR
High severity 7.4 · NVD Advisory · Published Apr 14, 2025 · Updated Apr 22, 2026

CVE-2025-32914

Description

A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

libsoup's soup_multipart_new_from_message() has an out-of-bounds read flaw allowing a malicious HTTP client to cause a crash or information disclosure.

Vulnerability Overview

A flaw in libsoup's soup_multipart_new_from_message() function leads to an out-of-bounds read vulnerability. This occurs when parsing specially crafted multipart HTTP messages, where improper bounds checking allows reading beyond allocated memory [1].

Exploitation Prerequisites

An unauthenticated attacker can trigger the vulnerability by sending a malicious HTTP request to a libsoup server. No special network position is required beyond the ability to send HTTP messages. The attack is remotely exploitable without authentication [2].

Impact

Successful exploitation could cause the server to read out-of-bounds memory, potentially leading to a crash (denial of service) or leakage of sensitive information. The CVSS v3 base score is 7.4, indicating high severity [1][3].

Mitigation

Red Hat has released patches for affected versions of libsoup via RHSA-2025:7505, RHSA-2025:8126, RHSA-2025:8139, and RHSA-2025:8140. Users should update to the fixed package versions to remediate the flaw [1][2][3][4].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 46

References: 16