Home > Vulnerability Database > CVE-2025-46421

Mend.io Vulnerability Database

CVE-2025-46421

Good to know:

Date: April 24, 2025

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.

Severity Score

6.8

Related Resources (15)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-46421

Url: https://access.redhat.com/security/cve/CVE-2025-46421

Url: https://access.redhat.com/errata/RHSA-2025:4609

Url: https://access.redhat.com/errata/RHSA-2025:4508

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2361962

Url: https://access.redhat.com/errata/RHSA-2025:4439

Url: https://access.redhat.com/errata/RHSA-2025:4538

Url: https://access.redhat.com/errata/RHSA-2025:4624

Url: https://access.redhat.com/errata/RHSA-2025:4568

Url: https://access.redhat.com/errata/RHSA-2025:7436

Url: https://access.redhat.com/errata/RHSA-2025:7505

Url: https://access.redhat.com/errata/RHSA-2025:4440

Url: https://access.redhat.com/errata/RHSA-2025:4560

Url: https://gitlab.gnome.org/GNOME/libsoup/-/issues/439

Url: https://www.mend.io/vulnerability-database/CVE-2025-46421

Severity Score

6.8

Weakness Type (CWE)

Exposure of Sensitive System Information to an Unauthorized Control Sphere

CWE-497

Top Fix

Upgrade Version

Upgrade to version https://github.com/GNOME/libsoup.git - 3.6.5

Learn More

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-46421

Good to know:

Date: April 24, 2025

Severity Score

Related Resources (15)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?