CVE-2025-32911

9.0 CRITICAL

Published: April 15, 2025 Modified: November 18, 2025

Description

A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:21657

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:4439

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:4440

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:4508

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:4538

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:4560

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:4568

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:4609

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:4624

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:7436

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:8292

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:9179

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2025-32911

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2359355

Source: secalert@redhat.com

https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html

Source: af854a3a-2127-422b-91ae-364da2661108

15 reference(s) from NVD

Quick Stats

CVSS v3 Score

9.0 / 10.0

EPSS (Exploit Probability)

0.1%

30th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-590

Related CVEs