Medium severity 6.8 · NVD Advisory · Published Apr 24, 2025 · Updated Apr 15, 2026
CVE-2025-46421
Description
A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.
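A model of the check a redirect-following client needs, as an added example in Python (not libsoup's code or its fix): `Authorization` is replayed only when the redirect target has the same scheme, host and port as the original request, a stricter comparison than the host change the description mentions, and `audit_redirect_chain` flags a recorded client trace in which the header reached another origin. The function names, the `.test` hosts and the token are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
SENSITIVE = {"authorization"}  # the header named in the advisory

# Constructed sample input: the token is fake.
SAMPLE_HEADERS = {"Authorization": "Bearer constructed-token", "Accept": "*/*"}


def origin(url):
    """Return (scheme, host, port), lowercased, with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def headers_for_redirect(request_url, location, headers):
    """Resolve a (possibly relative) Location value and return
    (target_url, headers_to_send), dropping credentials on an origin change."""
    target = urljoin(request_url, location)
    if origin(target) == origin(request_url):
        return target, dict(headers)
    kept = {k: v for k, v in headers.items() if k.lower() not in SENSITIVE}
    return target, kept


def audit_redirect_chain(hops):
    """hops is [(url, headers_sent), ...] from a client trace. Return the URLs
    that received Authorization although their origin differs from the first hop."""
    first = origin(hops[0][0])
    return [
        url
        for url, sent in hops[1:]
        if origin(url) != first and any(k.lower() in SENSITIVE for k in sent)
    ]
```

Running `audit_redirect_chain` over proxy or client debug logs from a test against a controlled redirecting endpoint shows whether a given build still forwards the header.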
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2025:4439 (nvd)
- access.redhat.com/errata/RHSA-2025:4440 (nvd)
- access.redhat.com/errata/RHSA-2025:4508 (nvd)
- access.redhat.com/errata/RHSA-2025:4538 (nvd)
- access.redhat.com/errata/RHSA-2025:4560 (nvd)
- access.redhat.com/errata/RHSA-2025:4568 (nvd)
- access.redhat.com/errata/RHSA-2025:4609 (nvd)
- access.redhat.com/errata/RHSA-2025:4624 (nvd)
- access.redhat.com/errata/RHSA-2025:7436 (nvd)
- access.redhat.com/errata/RHSA-2025:7505 (nvd)
- access.redhat.com/security/cve/CVE-2025-46421 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- gitlab.gnome.org/GNOME/libsoup/-/issues/439 (nvd)