CVE-2025-32911
📋 TL;DR
A use-after-free vulnerability in libsoup's soup_message_headers_get_content_disposition() function allows malicious HTTP clients to cause memory corruption in servers using libsoup. This affects any application or service that uses libsoup for HTTP communication, particularly web servers and applications handling HTTP requests.
💻 Affected Systems
- libsoup
- applications using libsoup (GNOME applications, web services, etc.)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, or service disruption.
Likely Case
Denial of service through application crashes or memory corruption leading to instability.
If Mitigated
Limited impact with proper memory protections and exploit mitigations in place.
🎯 Exploit Status
Exploitation requires sending malicious HTTP requests; complexity depends on memory layout and mitigations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check specific Red Hat advisories (e.g., RHSA-2025:21657) for patched versions.
Vendor Advisory: https://access.redhat.com/errata/RHSA-2025:21657
Restart Required: Yes
Instructions:
1. Update the libsoup package via the system package manager.
2. Restart affected services or applications that use libsoup.
3. Verify the update with version checks.
🔧 Temporary Workarounds
Network Filtering
Block or filter malicious HTTP requests with abnormal Content-Disposition headers using a web application firewall (WAF) or network filter.
🧯 If You Can't Patch
- Isolate affected systems from untrusted networks to reduce attack surface.
- Implement strict input validation and sanitization for HTTP headers in applications.
🔍 How to Verify
Check if Vulnerable:
Check libsoup version against patched versions in Red Hat advisories; if unpatched, assume vulnerable.
Check Version:
rpm -q libsoup (on Red Hat-based systems) or dpkg -l 'libsoup*' (on Debian-based systems; quote the pattern so the shell does not expand it)
Verify Fix Applied:
Verify libsoup package version matches or exceeds patched version from vendor advisories.
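The version check above is easy to get wrong by eye when several libsoup packages (libsoup 2.x and 3.x) are installed side by side. The script below is an added example, not part of this advisory or of libsoup itself: it lists installed libsoup packages on rpm- or dpkg-based systems and compares each against a patched version. PATCHED_VERSION is a placeholder assumption; take the real value from the RHSA or DSA that applies to your distribution, since this page does not list one, and run the check once per package family because libsoup 2 and libsoup 3 have separate fixed versions.

```shell
#!/bin/sh
# Added example (not from the advisory): compare installed libsoup packages
# against the patched version named in your vendor advisory.
# PATCHED_VERSION is a PLACEHOLDER assumption; set it from the RHSA/DSA for your distro.
PATCHED_VERSION="${PATCHED_VERSION:-0.0.0-PLACEHOLDER}"

# version_ge A B: succeed when A >= B in version order (GNU sort -V).
# Epochs such as "1:3.6.5-1" are compared textually; strip them first if your distro uses them.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# installed_libsoup: print "package version" for every installed libsoup package.
installed_libsoup() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'libsoup*'
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package} ${Version}\n' 'libsoup*' 2>/dev/null
    fi
}

# classify_version VERSION: "patched" if VERSION >= PATCHED_VERSION, else "vulnerable".
classify_version() {
    if version_ge "$1" "$PATCHED_VERSION"; then echo patched; else echo vulnerable; fi
}

# check_libsoup [LINES]: report each package; exit 0 if all are patched,
# 1 if any is below PATCHED_VERSION, 2 if no libsoup package is installed.
# LINES ("name version" per line) lets you feed a captured package list instead of querying.
check_libsoup() {
    pkgs=${1:-$(installed_libsoup)}
    if [ -z "$pkgs" ]; then
        echo "no libsoup package installed; nothing to verify"
        return 2
    fi
    status=0
    oldifs=$IFS
    IFS='
'
    for line in $pkgs; do
        IFS=$oldifs
        name=${line%% *}
        ver=${line#* }
        state=$(classify_version "$ver")
        echo "$name $ver: $state (reference $PATCHED_VERSION)"
        [ "$state" = patched ] || status=1
    done
    IFS=$oldifs
    return $status
}

# Usage: PATCHED_VERSION=<from advisory> sh check_libsoup.sh
[ "${0##*/}" = "check_libsoup.sh" ] && check_libsoup
```

The exit code is meant for fleet tooling: a non-zero result from `check_libsoup` marks the host for patching, and 2 distinguishes "not applicable" from "vulnerable". Because the comparison is purely version-ordered, distribution backports that fix the bug without bumping the upstream version (common on Red Hat) must be compared against the advisory's full version-release string, not the upstream version alone.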
📡 Detection & Monitoring
Log Indicators:
- Application crashes or abnormal termination logs from services using libsoup.
- Unusual HTTP request patterns with malformed headers.
Network Indicators:
- HTTP requests with crafted Content-Disposition headers targeting libsoup services.
SIEM Query:
source="application_logs" AND (event="crash" OR event="segfault") AND process="libsoup"
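On a Linux host the "crash or segfault in libsoup" indicator usually surfaces as a kernel segfault record naming the shared object in which the faulting instruction lives, plus a systemd "code=dumped, status=11/SEGV" line for the unit. The functions below are an added example, not part of this advisory: they filter such records out of syslog or journal text and list the processes involved. The sample log lines are constructed for illustration and assume the standard kernel segfault message format.

```shell
#!/bin/sh
# Added example (not from the advisory): detect kernel segfault records whose
# faulting code region is a libsoup shared object.
# SAMPLE_LOG is CONSTRUCTED test data in journal/syslog layout.
SAMPLE_LOG='Apr 14 10:01:02 host kernel: gnome-software[4242]: segfault at 10 ip 00007f0a1c2b3c4d sp 00007ffc1234abcd error 4 in libsoup-3.0.so.0.7.0[7f0a1c280000+80000]
Apr 14 10:01:05 host kernel: sshd[311]: segfault at 0 ip 000055d0deadbeef sp 00007ffc00000000 error 6 in sshd[55d0de000000+20000]
Apr 14 10:02:10 host systemd[1]: webservice.service: Main process exited, code=dumped, status=11/SEGV
Apr 14 10:03:00 host kernel: webservice[913]: segfault at 8 ip 00007f11aabbccdd sp 00007ffd00001111 error 4 in libsoup-2.4.so.1.11.0[7f11aab00000+90000]'

# libsoup_segfaults: keep only segfault lines where the code region is libsoup-X.Y.so
libsoup_segfaults() {
    grep -E 'segfault at .* in libsoup-[0-9]+\.[0-9]+\.so' || true
}

# count_libsoup_segfaults: number of such lines on stdin (prints 0 when none)
count_libsoup_segfaults() {
    libsoup_segfaults | grep -c . || true
}

# libsoup_crash_processes: unique process names that crashed inside libsoup
libsoup_crash_processes() {
    libsoup_segfaults \
        | sed -E 's/.*kernel: ([^[]+)\[[0-9]+\]: segfault.*/\1/' \
        | sort -u
}

# segv_unit_exits: systemd units that exited on SIGSEGV (corroborating signal)
segv_unit_exits() {
    grep -E 'systemd\[[0-9]+\]: [^ ]+\.service: .*status=11/SEGV' || true
}

# Usage on a live host: journalctl -k --since today | libsoup_crash_processes
[ "${0##*/}" = "libsoup_crashes.sh" ] && printf '%s\n' "$SAMPLE_LOG" | libsoup_crash_processes
```

Matching on the faulting shared object rather than on the process name is what makes this usable: the crashing process is rarely called "libsoup", so a query like the SIEM example above that filters on process="libsoup" will miss crashes in GNOME applications or custom web services unless the field is populated from the library name in the kernel record.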
🔗 References
- https://access.redhat.com/errata/RHSA-2025:21657
- https://access.redhat.com/errata/RHSA-2025:4439
- https://access.redhat.com/errata/RHSA-2025:4440
- https://access.redhat.com/errata/RHSA-2025:4508
- https://access.redhat.com/errata/RHSA-2025:4538
- https://access.redhat.com/errata/RHSA-2025:4560
- https://access.redhat.com/errata/RHSA-2025:4568
- https://access.redhat.com/errata/RHSA-2025:4609
- https://access.redhat.com/errata/RHSA-2025:4624
- https://access.redhat.com/errata/RHSA-2025:7436
- https://access.redhat.com/errata/RHSA-2025:8292
- https://access.redhat.com/errata/RHSA-2025:9179
- https://access.redhat.com/security/cve/CVE-2025-32911
- https://bugzilla.redhat.com/show_bug.cgi?id=2359355
- https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html