CVE-2025-14523
📋 TL;DR
This vulnerability in libsoup's HTTP header handling means libsoup accepts a request that carries more than one Host header instead of rejecting it (RFC 9112 section 3.2 requires a 400 Bad Request for an HTTP/1.1 request with multiple Host fields). When a front-end proxy or cache routes on one Host value and the libsoup backend acts on the other, the two disagree about which request was made. This enables request smuggling, cache poisoning, and host-based access control bypass. Deployments where libsoup-based HTTP processing sits behind a front-end proxy or shared cache are the ones most exposed.
💻 Affected Systems
- libsoup
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete bypass of security controls, cache poisoning affecting multiple users, and potential data exfiltration through request smuggling.
Likely Case
Cache poisoning leading to credential theft or malware distribution, and bypassing host-based access controls to reach restricted backend services.
If Mitigated
Limited impact with proper header validation at both proxy and backend layers, though some request smuggling may still occur.
🎯 Exploit Status
Exploitation requires only the ability to send HTTP requests to the affected service (normally through the front-end proxy); no authentication is needed. The technique is the same duplicate-header ambiguity used in known request smuggling attacks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Depends on your distribution; check the advisory for your product and version (Red Hat has issued a series of errata for this CVE, RHSA-2026:0421 and later, listed under References).
Vendor Advisory: https://access.redhat.com/errata/RHSA-2026:0421
Restart Required: Yes
Instructions:
1. Identify the libsoup version on your system. Depending on distribution and release the package may be named libsoup (libsoup 2.x) or libsoup3 / libsoup-3.0, and both may be installed side by side.
2. Apply updates via your package manager (e.g., `dnf update 'libsoup*'` on RHEL/Fedora, `apt-get install --only-upgrade` the libsoup packages on Debian/Ubuntu).
3. Restart every service that links libsoup; a shared library update does not take effect in already-running processes.
🔧 Temporary Workarounds
Proxy Host Header Validation
Configure front-end proxies to reject or normalize duplicate Host headers before forwarding to backends, so that the backend can never see a second Host value the proxy did not route on.
# Example for nginx: add 'proxy_set_header Host $host;' so the upstream request carries exactly one Host header, constructed by nginx from $host rather than copied from the client. nginx also answers a request that carries two Host headers with 400 ("client sent duplicate host header" in the error log).
Application Layer Validation
Implement custom middleware in applications to detect and reject duplicate Host headers. The check has to run on the raw header list: framework abstractions that collapse headers into a single Host value (for example a WSGI HTTP_HOST environ key) have already discarded the duplicate and cannot detect it.
🧯 If You Can't Patch
- Implement strict HTTP header validation at both proxy and application layers to reject duplicate Host headers.
- Use web application firewalls (WAFs) configured to detect and block requests with multiple Host headers.
🔍 How to Verify
Check if Vulnerable:
Check the installed libsoup version against the patched versions in your vendor advisory. To test behaviour, send an HTTP/1.1 request with two Host headers and observe the response: a compliant backend answers 400 Bad Request; a vulnerable one serves the request using one of the two values. Run this test against a staging instance or with the cache bypassed, since a successful probe against a shared cache is itself a cache-poisoning request.
Check Version:
rpm -qa 'libsoup*' (RHEL/Fedora) or dpkg -l 'libsoup*' (Debian/Ubuntu); the glob is needed because the package may be named libsoup, libsoup3, libsoup2.4-1 or libsoup-3.0-0 depending on distribution.
Verify Fix Applied:
After patching and restarting the affected services, repeat the same duplicate-Host request and confirm that the response is now 400 Bad Request (or that the proxy in front normalizes the request to a single Host header before it reaches libsoup).
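The probe described above, as an added example rather than anything shipped with libsoup or the advisory: it builds the raw HTTP/1.1 request with two Host fields (hand-crafted, because most HTTP client libraries deduplicate headers), optionally sends it over a plain TCP socket, and classifies the reply. The hostnames and the echo-style body it looks for are assumptions; against a real backend you would compare which virtual host served the response.

```python
"""Probe a service for duplicate-Host-header handling (added example).

Assumes a plain HTTP/1.1 (no TLS) target you are authorised to test.
Hostnames are constructed placeholders.
"""
import socket


def build_probe(path: str, host_a: str, host_b: str) -> bytes:
    """Raw HTTP/1.1 request carrying two Host header fields.

    RFC 9112 section 3.2 requires a server to answer this with 400.
    A server that instead routes on one of the two values shows the
    behaviour this CVE describes.
    """
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host_a}",          # value the front-end proxy routes on
        f"Host: {host_b}",          # value the attacker wants the backend to use
        "Connection: close",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def send_probe(target: str, port: int, probe: bytes, timeout: float = 5.0) -> bytes:
    """Send the raw bytes and return the whole response (network access)."""
    with socket.create_connection((target, port), timeout=timeout) as sock:
        sock.sendall(probe)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def classify_response(raw: bytes, host_a: str, host_b: str) -> str:
    """'rejected' (400), 'first'/'second' (which Host the backend echoed
    in the body, assuming an echo-style endpoint), or 'unknown'."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0]
    parts = status_line.split()
    if len(parts) < 2 or not parts[1].isdigit():
        return "unknown"
    if int(parts[1]) == 400:
        return "rejected"
    if host_b.encode() in body:
        return "second"
    if host_a.encode() in body:
        return "first"
    return "unknown"


if __name__ == "__main__":
    # Constructed placeholders; replace with your own staging target.
    a, b = "app.example", "internal-admin.example"
    probe = build_probe("/", a, b)
    print(probe.decode())
    # print(classify_response(send_probe("127.0.0.1", 8080, probe), a, b))
```

Anything other than `rejected` against a patched build means a component in front of libsoup is still forwarding both Host values, so the proxy normalization workaround is still needed.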
📡 Detection & Monitoring
Log Indicators:
- HTTP logs showing requests with multiple Host headers
- Proxy logs indicating routing mismatches between Host header values
Network Indicators:
- HTTP traffic containing duplicate Host headers in requests
- Unusual request patterns suggesting cache poisoning attempts
SIEM Query:
source="web_logs" AND http.headers CONTAINS "Host:" AND count(http.headers, "Host:") > 1
(Pseudo-query; adapt it to your platform's syntax. Standard access-log formats record at most one Host value per request, so this only works on a log source that preserves the full header list, such as a proxy or WAF event, or a request capture.)
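The same check serves both the Application Layer Validation workaround above and this detection section, so it is shown once here as an added example (not code from libsoup or any vendor fix). It works on raw HTTP/1.1 request heads, which is what a reverse proxy, a WAF or a full-request capture provides; the sample captures are constructed, and the policy it enforces is the one RFC 9112 states for servers: exactly one Host field per HTTP/1.1 request, and no obs-fold or whitespace-before-colon field lines, since both are classic ways to slip a second Host past a lenient parser.

```python
"""Duplicate-Host check usable as a request filter and as detection logic.

Added example, not part of libsoup. Input is a raw request head
(request line plus header block, CRLF-delimited).
"""
from typing import List, Tuple


def parse_header_fields(head: bytes) -> List[Tuple[str, str]]:
    """Header fields in wire order, names lowercased.

    Raises ValueError for syntaxes RFC 9112 tells servers to reject:
    obs-fold continuation lines and whitespace before the colon.
    """
    fields: List[Tuple[str, str]] = []
    for raw in head.split(b"\r\n")[1:]:          # [0] is the request line
        if raw == b"":
            break                                 # end of header block
        if raw[:1] in (b" ", b"\t"):
            raise ValueError("obs-fold line in header block")
        name, sep, value = raw.partition(b":")
        if not sep or name == b"" or name != name.rstrip(b" \t"):
            raise ValueError(f"malformed field line: {raw!r}")
        fields.append((name.lower().decode("latin-1"),
                       value.strip(b" \t").decode("latin-1")))
    return fields


def check_host(head: bytes) -> Tuple[bool, str]:
    """Accept only if the request carries exactly one Host field.

    Returns (accept, reason). HTTP/1.0 requests may omit Host.
    """
    request_line = head.split(b"\r\n", 1)[0]
    try:
        fields = parse_header_fields(head)
    except ValueError as exc:
        return False, str(exc)
    hosts = [v for n, v in fields if n == "host"]
    if len(hosts) > 1:
        return False, f"{len(hosts)} Host fields: {hosts}"
    if not hosts and request_line.endswith(b" HTTP/1.1"):
        return False, "HTTP/1.1 request without Host"
    return True, "ok"


def scan_captures(captures: List[bytes]) -> List[str]:
    """Detection use: one alert line per captured request that fails check_host."""
    alerts = []
    for i, head in enumerate(captures):
        ok, reason = check_host(head)
        if not ok:
            req = head.split(b"\r\n", 1)[0].decode("latin-1", "replace")
            alerts.append(f"capture[{i}] {req}: {reason}")
    return alerts


# Constructed sample captures (hostnames are placeholders).
SAMPLE_CAPTURES = [
    b"GET /index HTTP/1.1\r\nHost: app.example\r\nUser-Agent: probe\r\n\r\n",
    b"GET /admin HTTP/1.1\r\nHost: app.example\r\nHost: internal-admin.example\r\n\r\n",
    b"GET / HTTP/1.1\r\nhost: app.example\r\nHOST: internal-admin.example\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: app.example\r\n Host: internal-admin.example\r\n\r\n",
    b"GET / HTTP/1.0\r\n\r\n",
]

if __name__ == "__main__":
    for line in scan_captures(SAMPLE_CAPTURES):
        print(line)
```

As a filter, call `check_host` on the raw head before the request reaches libsoup and answer 400 on a False result; as detection, feed the same function the request heads your proxy or WAF logs and alert on every rejection.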
🔗 References
- https://access.redhat.com/errata/RHSA-2026:0421
- https://access.redhat.com/errata/RHSA-2026:0422
- https://access.redhat.com/errata/RHSA-2026:0423
- https://access.redhat.com/errata/RHSA-2026:0836
- https://access.redhat.com/errata/RHSA-2026:0867
- https://access.redhat.com/errata/RHSA-2026:0868
- https://access.redhat.com/errata/RHSA-2026:0905
- https://access.redhat.com/errata/RHSA-2026:0906
- https://access.redhat.com/errata/RHSA-2026:0907
- https://access.redhat.com/errata/RHSA-2026:0908
- https://access.redhat.com/errata/RHSA-2026:0909
- https://access.redhat.com/errata/RHSA-2026:0911
- https://access.redhat.com/errata/RHSA-2026:0925
- https://access.redhat.com/errata/RHSA-2026:1509
- https://access.redhat.com/errata/RHSA-2026:1569
- https://access.redhat.com/errata/RHSA-2026:1570
- https://access.redhat.com/errata/RHSA-2026:1571
- https://access.redhat.com/errata/RHSA-2026:1572
- https://access.redhat.com/security/cve/CVE-2025-14523
- https://bugzilla.redhat.com/show_bug.cgi?id=2421349