Home > Vulnerability Database > CVE-2025-11021

Mend.io Vulnerability Database

CVE-2025-11021

Date: September 26, 2025

A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.

Severity Score

7.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-11021

Url: https://access.redhat.com/errata/RHSA-2025:18183

Url: https://access.redhat.com/security/cve/CVE-2025-11021

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2399627

Url: https://www.mend.io/vulnerability-database/CVE-2025-11021

Severity Score

7.5

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-11021

Date: September 26, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?