Vulnerability DatabaseCVE-2025-32911
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-32911
April 15, 2025
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
Affected Packages
https://gitlab.gnome.org/GNOME/libsoup.git (SCM_GIT):
Affected version(s) >=2.40.0 <3.6.5
Fix Suggestion:
Update to version 3.6.5
Related Resources (15)
https://access.redhat.com/security/cve/CVE-2025-32911
https://access.redhat.com/errata/RHSA-2025:4508
https://access.redhat.com/errata/RHSA-2025:4609
https://access.redhat.com/errata/RHSA-2025:7436
https://access.redhat.com/errata/RHSA-2025:4624
https://access.redhat.com/errata/RHSA-2025:21657
https://access.redhat.com/errata/RHSA-2025:4440
https://access.redhat.com/errata/RHSA-2025:4439
https://access.redhat.com/errata/RHSA-2025:8292
https://access.redhat.com/errata/RHSA-2025:4568
https://access.redhat.com/errata/RHSA-2025:4538
https://access.redhat.com/errata/RHSA-2025:9179
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html
https://bugzilla.redhat.com/show_bug.cgi?id=2359355
https://access.redhat.com/errata/RHSA-2025:4560
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
HIGH
CVSS v3
Base Score:
9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Free of Memory not on the Heap
CWE-590
EPSS
Base Score:
0.61