CVE-2025-11021

7.5 HIGH
Published: September 26, 2025 Modified: November 25, 2025
View on NVD

Description

A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:18183
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:19713
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:19714
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:20959
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:21032
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:21655
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:21656
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:21657
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:21664
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:21665
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:21666
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:21772
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:22013
Source: secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2025-11021
Source: secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2399627
Source: secalert@redhat.com

15 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.5 / 10.0
EPSS (Exploit Probability)
0.1%
20th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-125

Related CVEs

CVE-2025-69261 N/A
CVE-2025-69257 6.7
CVE-2025-69210 N/A
CVE-2025-66823 N/A
CVE-2025-50343 N/A