CVE-2025-4948

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-4948

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

A

flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.

References
Link Resource
https://access.redhat.com/errata/RHSA-2025:21657
https://access.redhat.com/errata/RHSA-2025:8126
https://access.redhat.com/errata/RHSA-2025:8128
https://access.redhat.com/errata/RHSA-2025:8132
https://access.redhat.com/errata/RHSA-2025:8139
https://access.redhat.com/errata/RHSA-2025:8140
https://access.redhat.com/errata/RHSA-2025:8252
https://access.redhat.com/errata/RHSA-2025:8480
https://access.redhat.com/errata/RHSA-2025:8481
https://access.redhat.com/errata/RHSA-2025:8482
https://access.redhat.com/errata/RHSA-2025:8663
https://access.redhat.com/errata/RHSA-2025:9179
https://access.redhat.com/security/cve/CVE-2025-4948
https://bugzilla.redhat.com/show_bug.cgi?id=2367183
https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
Configurations

No configuration.

History

18 Nov 2025, 09:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:21657 -

30 Jul 2025, 15:15

Type Values Removed Values Added
References
  • () https://gitlab.gnome.org/GNOME/libsoup/-/issues/449 -

17 Jun 2025, 12:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:9179 -

09 Jun 2025, 10:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:8663 -

04 Jun 2025, 04:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:8480 -
  • () https://access.redhat.com/errata/RHSA-2025:8481 -
  • () https://access.redhat.com/errata/RHSA-2025:8482 -

28 May 2025, 08:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:8252 -

26 May 2025, 12:15

Type Values Removed Values Added
Summary
  • (es) Se encontró una falla en la función soup_multipart_new_from_message() de la librería HTTP libsoup, comúnmente utilizada por GNOME y otras aplicaciones para gestionar las comunicaciones web. El problema ocurre cuando la librería procesa mensajes multiparte especialmente manipulados. Debido a una validación incorrecta, un cálculo interno puede fallar, provocando un desbordamiento de enteros. Esto puede provocar que el programa acceda a memoria no válida y se bloquee. Como resultado, cualquier aplicación o servidor que utilice libsoup podría verse obligado a cerrarse inesperadamente, creando un riesgo de denegación de servicio (DoS).
References
  • () https://access.redhat.com/errata/RHSA-2025:8126 -
  • () https://access.redhat.com/errata/RHSA-2025:8128 -
  • () https://access.redhat.com/errata/RHSA-2025:8132 -
  • () https://access.redhat.com/errata/RHSA-2025:8139 -
  • () https://access.redhat.com/errata/RHSA-2025:8140 -

19 May 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-19 16:15

Updated : 2025-11-18 09:15

NVD link : CVE-2025-4948

Mitre link : CVE-2025-4948

CVE.ORG link : CVE-2025-4948

JSON object : View

Products Affected

No product.

CWE
CWE-191

Integer Underflow (Wrap or Wraparound)