CVE-2025-32914

Published: Apr 14, 2025

Modified: Apr 22, 2026

PUBLISHED

CVSS v3.1

7.4

HIGH

Description

A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.

Vendor	Product	Versions
Unknown	libsoup	affected `0 - < 3.6.5`
Red Hat	Red Hat Enterprise Linux 10	unaffected `0:3.6.5-3.el10_0 - < *`
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	unaffected `0:2.62.2-9.el7_9 - < *`
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	unaffected `0:2.62.2-6.el7_9 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:2.62.3-9.el8_10 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:2.62.3-9.el8_10 - < *`
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	unaffected `0:2.62.3-1.el8_2.5 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	unaffected `0:2.62.3-2.el8_4.5 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	unaffected `0:2.62.3-2.el8_6.5 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	unaffected `0:2.62.3-2.el8_6.5 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	unaffected `0:2.62.3-2.el8_6.5 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	unaffected `0:2.62.3-3.el8_8.5 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:2.72.0-10.el9_6.2 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	unaffected `0:2.72.0-8.el9_0.5 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	unaffected `0:2.72.0-8.el9_2.5 - < *`
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	unaffected `0:2.72.0-8.el9_4.5 - < *`
Red Hat	Red Hat Enterprise Linux 6	All versions