CVE-2025-4948
📋 TL;DR
An integer underflow vulnerability in libsoup's soup_multipart_new_from_message() function allows specially crafted multipart messages to cause memory access violations and application crashes. This affects any application or server using libsoup for HTTP communications, particularly GNOME applications and web services. The primary risk is denial-of-service (DoS) through forced application termination.
💻 Affected Systems
- libsoup
- GNOME applications using libsoup
- web servers/services using libsoup
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Critical services using libsoup crash repeatedly, causing sustained denial-of-service and potential data loss from interrupted operations.
Likely Case
Applications crash when processing malicious multipart messages, causing temporary service disruption until restarted.
If Mitigated
With proper input validation and memory protection mechanisms, crashes are contained without privilege escalation or data compromise.
🎯 Exploit Status
Exploitation requires sending specially crafted multipart messages to vulnerable endpoints, which is straightforward for network-accessible services.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check specific Red Hat advisories (RHSA-2025:21657, etc.) for patched versions
Vendor Advisory: https://access.redhat.com/errata/RHSA-2025:21657
Restart Required: Yes
Instructions:
1. Identify affected libsoup packages.
2. Apply vendor patches via package manager (yum update libsoup, apt upgrade libsoup).
3. Restart affected applications/services.
🔧 Temporary Workarounds
Input filtering
Filter or reject multipart messages at the network perimeter or application layer
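The integer-underflow class described in the TL;DR, and the application-layer pre-check behind the input-filtering workaround, as an added illustrative example. This is not libsoup's code: the delimiter arithmetic, the function names and the 70-character boundary cap (from RFC 2046) are assumptions used to model the bug class, not the actual vulnerable code path.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative code, not libsoup's: it models the integer-underflow class the
 * advisory describes, where a multipart parser subtracts delimiter lengths from
 * the body length before checking the body is long enough to hold them. */

/* Bytes consumed by the opening "--boundary\r\n" line and the closing
 * "\r\n--boundary--" delimiter; RFC 2046 caps a boundary at 70 characters. */
static size_t delimiter_overhead(size_t boundary_len)
{
    return (2 + boundary_len + 2) + (2 + 2 + boundary_len + 2);
}

/* Unsafe form: with unsigned operands a body shorter than the delimiters
 * wraps to a huge value, which a caller then uses as a length to read. */
size_t unsafe_inner_length(size_t body_len, size_t boundary_len)
{
    return body_len - delimiter_overhead(boundary_len);
}

/* Hardened form: validate first, subtract second. Returns false instead of a
 * wrapped length for truncated or malicious input. */
bool safe_inner_length(size_t body_len, size_t boundary_len, size_t *out)
{
    if (boundary_len == 0 || boundary_len > 70)
        return false;
    if (body_len < delimiter_overhead(boundary_len))
        return false;
    *out = body_len - delimiter_overhead(boundary_len);
    return true;
}

/* Application-layer pre-check for the "input filtering" workaround: reject a
 * NUL-terminated multipart body that cannot contain the delimiters its
 * Content-Type boundary promises, before any parser touches it. */
bool multipart_body_plausible(const char *body, const char *boundary)
{
    char open_delim[80], close_delim[80];
    size_t inner;
    if (!safe_inner_length(strlen(body), strlen(boundary), &inner))
        return false;
    snprintf(open_delim, sizeof open_delim, "--%s", boundary);
    snprintf(close_delim, sizeof close_delim, "--%s--", boundary);
    return strncmp(body, open_delim, strlen(open_delim)) == 0 &&
           strstr(body, close_delim) != NULL;
}
```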
Process isolation
Run vulnerable applications in containers with resource limits to contain crashes
docker run --memory=512m --cpus=1 your_app
🧯 If You Can't Patch
- Implement WAF rules to block suspicious multipart messages
- Use load balancers with health checks to automatically restart crashed services
🔍 How to Verify
Check if Vulnerable:
Check libsoup package version against patched versions in Red Hat advisories
Check Version:
rpm -q libsoup || dpkg -l | grep libsoup || pkg-config --modversion libsoup-2.4
Verify Fix Applied:
Verify libsoup package version matches patched version from vendor advisory
📡 Detection & Monitoring
Log Indicators:
- Application crashes with segmentation faults
- Memory access violation errors in system logs
- Unexpected process terminations
Network Indicators:
- Unusual multipart HTTP requests
- Repeated requests causing service restarts
SIEM Query:
process:terminated AND (libsoup OR application_name) AND signal:SIGSEGV
🔗 References
- https://access.redhat.com/errata/RHSA-2025:21657
- https://access.redhat.com/errata/RHSA-2025:8126
- https://access.redhat.com/errata/RHSA-2025:8128
- https://access.redhat.com/errata/RHSA-2025:8132
- https://access.redhat.com/errata/RHSA-2025:8139
- https://access.redhat.com/errata/RHSA-2025:8140
- https://access.redhat.com/errata/RHSA-2025:8252
- https://access.redhat.com/errata/RHSA-2025:8480
- https://access.redhat.com/errata/RHSA-2025:8481
- https://access.redhat.com/errata/RHSA-2025:8482
- https://access.redhat.com/errata/RHSA-2025:8663
- https://access.redhat.com/errata/RHSA-2025:9179
- https://access.redhat.com/security/cve/CVE-2025-4948
- https://bugzilla.redhat.com/show_bug.cgi?id=2367183
- https://gitlab.gnome.org/GNOME/libsoup/-/issues/449