CVE-2025-2784
📋 TL;DR
CVE-2025-2784 is a heap buffer over-read vulnerability in libsoup's skip_insight_whitespace() function. When processing a malicious HTTP response, libsoup clients can read one byte beyond allocated memory boundaries. This affects any application or system using vulnerable versions of libsoup for HTTP communication.
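To make the defect class concrete, here is a constructed illustration added by the editor, not libsoup's code and not the page's: a whitespace skipper whose bound is checked one iteration too late next to its bounded form, with the heap neighbour modelled by one extra allocated byte so the demo itself has no undefined behaviour. The names skip_ws_overread, skip_ws_bounded and overread_demo are assumptions; the real skip_insight_whitespace() code is not shown on this page.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the bug class, NOT libsoup's skip_insight_whitespace().
 * Both skippers take a buffer of `len` bytes that is not NUL-terminated (a response
 * body handed to a content sniffer is not). The buggy one lets i reach len before
 * testing buf[i], so an all-whitespace buffer reads buf[len]: one byte past the end. */
static size_t skip_ws_overread(const unsigned char *buf, size_t len)
{
    size_t i = 0;
    while (i <= len && isspace(buf[i]))   /* off by one: i == len is still accepted */
        i++;
    return i;                             /* len + 1 if the byte past the end is whitespace */
}

/* Hardened skipper: the bound is checked with '<', so buf[len] is never touched. */
static size_t skip_ws_bounded(const unsigned char *buf, size_t len)
{
    size_t i = 0;
    while (i < len && isspace(buf[i]))
        i++;
    return i;
}

/* Heap model: allocate len + 1 bytes so buf[len] exists and stands in for whatever the
 * allocator placed after the real object. Returns the position the buggy skipper reports
 * for an all-whitespace buffer of `len` bytes when that adjacent byte is `neighbour`. */
static size_t overread_demo(size_t len, unsigned char neighbour)
{
    unsigned char *buf = malloc(len + 1);
    if (buf == NULL)
        return 0;
    memset(buf, ' ', len);
    buf[len] = neighbour;                 /* the byte just past the logical buffer */
    size_t pos = skip_ws_overread(buf, len);
    free(buf);
    return pos;
}
int main(void)
{
    /* The result depends on memory the caller never owned: 5 vs 4 for the same input. */
    printf("buggy skipper, neighbour ' ': pos=%zu (len=4)\n", overread_demo(4, ' '));
    printf("buggy skipper, neighbour 'x': pos=%zu (len=4)\n", overread_demo(4, 'x'));
    const unsigned char body[] = "   <html>";
    printf("bounded skipper: pos=%zu (len=%zu)\n", skip_ws_bounded(body, sizeof body - 1), sizeof body - 1);
    return 0;
}
```

The returned position is the channel: a caller that trusts it will index past the object, which is how a one-byte over-read turns into a crash or a leak of the adjacent byte.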
💻 Affected Systems
- libsoup
- applications using libsoup (GNOME applications, web clients, etc.)
📦 What is this software?
- Codeready Linux Builder For Arm64 by Red Hat
- Codeready Linux Builder For Arm64 Eus by Red Hat
- Codeready Linux Builder For Ibm Z Systems by Red Hat
- Codeready Linux Builder For Ibm Z Systems Eus by Red Hat
- Codeready Linux Builder For Power Little Endian by Red Hat
- Codeready Linux Builder For Power Little Endian Eus by Red Hat
- Enterprise Linux For Ibm Z Systems by Red Hat
- Enterprise Linux For Ibm Z Systems Eus by Red Hat
- Enterprise Linux For Power Little Endian by Red Hat
- Enterprise Linux For Power Little Endian Eus by Red Hat
- Enterprise Linux Update Services For Sap Solutions by Red Hat
- Libsoup by GNOME
⚠️ Risk & Real-World Impact
Worst Case
Exploitation could lead to information disclosure of adjacent memory contents, potentially exposing sensitive data like session tokens, passwords, or cryptographic keys. In rare cases, it could be chained with other vulnerabilities for more severe attacks.
Likely Case
Most probable impact is limited information disclosure of adjacent heap memory, which could reveal application state or small amounts of data. Denial of service through application crashes is also possible.
If Mitigated
With proper network segmentation and application sandboxing, impact is limited to the compromised process only. Memory randomization (ASLR) reduces reliability of information disclosure.
🎯 Exploit Status
Exploitation requires a malicious HTTP server that the victim connects to. The one-byte over-read limits immediate severe impact but could be used in exploit chains.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check specific distribution updates (e.g., libsoup 2.x or 3.x patched versions)
Vendor Advisory: https://access.redhat.com/errata/RHSA-2025:21657
Restart Required: Yes
Instructions:
1. Identify the libsoup version on the system.
2. Update via the package manager: 'sudo yum update libsoup' (RHEL/CentOS) or 'sudo apt update && sudo apt upgrade libsoup' (Debian/Ubuntu).
3. Restart affected applications or services using libsoup.
🔧 Temporary Workarounds
Network filtering (Linux)
Block outbound HTTP connections to untrusted servers from applications using libsoup:
iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP
Note that as written these two rules drop all outbound traffic to ports 80 and 443 from the host, not only connections to untrusted servers; scope them by destination before applying them on a system that needs outbound web access.
🧯 If You Can't Patch
- Implement network segmentation to isolate systems using libsoup from untrusted networks
- Use application sandboxing (Firejail, Bubblewrap, SELinux) to limit impact of potential memory reads
🔍 How to Verify
Check if Vulnerable:
Check libsoup version: 'rpm -q libsoup' (RHEL) or 'dpkg -l | grep libsoup' (Debian/Ubuntu). Compare against patched versions in vendor advisories.
Check Version:
rpm -q libsoup || dpkg -l | grep libsoup || ls -l /usr/lib*/libsoup*.so*
Verify Fix Applied:
Verify updated version: 'rpm -q libsoup' should show patched version. Test with sample HTTP requests to ensure no crashes.
📡 Detection & Monitoring
Log Indicators:
- Application crashes with segmentation faults in libsoup-related processes
- Unexpected memory access errors in system logs
Network Indicators:
- HTTP responses with unusual whitespace patterns triggering the vulnerable function
SIEM Query:
(source="*syslog*" AND "segmentation fault" AND "libsoup") OR (source="*auth.log*" AND "memory fault")
🔗 References
- https://access.redhat.com/errata/RHSA-2025:21657
- https://access.redhat.com/errata/RHSA-2025:7505
- https://access.redhat.com/errata/RHSA-2025:8126
- https://access.redhat.com/errata/RHSA-2025:8132
- https://access.redhat.com/errata/RHSA-2025:8139
- https://access.redhat.com/errata/RHSA-2025:8140
- https://access.redhat.com/errata/RHSA-2025:8252
- https://access.redhat.com/errata/RHSA-2025:8480
- https://access.redhat.com/errata/RHSA-2025:8481
- https://access.redhat.com/errata/RHSA-2025:8482
- https://access.redhat.com/errata/RHSA-2025:8663
- https://access.redhat.com/errata/RHSA-2025:9179
- https://access.redhat.com/security/cve/CVE-2025-2784
- https://bugzilla.redhat.com/show_bug.cgi?id=2354669
- https://gitlab.gnome.org/GNOME/libsoup/-/issues/422
- https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html