Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-4948

Date: May 19, 2025

A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.

Severity Score

Related Resources (16)

https://access.redhat.com/errata/RHSA-2025:8480
https://access.redhat.com/security/cve/CVE-2025-4948
https://access.redhat.com/errata/RHSA-2025:8482
https://access.redhat.com/errata/RHSA-2025:8140
https://access.redhat.com/errata/RHSA-2025:8481
https://access.redhat.com/errata/RHSA-2025:8132
https://nvd.nist.gov/vuln/detail/CVE-2025-4948
https://access.redhat.com/errata/RHSA-2025:8252
https://access.redhat.com/errata/RHSA-2025:9179
https://access.redhat.com/errata/RHSA-2025:8663
https://access.redhat.com/errata/RHSA-2025:8126
https://access.redhat.com/errata/RHSA-2025:8139
https://access.redhat.com/errata/RHSA-2025:8128
https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
https://bugzilla.redhat.com/show_bug.cgi?id=2367183
https://www.mend.io/vulnerability-database/CVE-2025-4948

Severity Score

Weakness Type (CWE)

Integer Underflow (Wrap or Wraparound)

CWE-191

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us