CVE-2025-2784

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-2784
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2025:7505 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8126 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8132 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8139 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8140 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8252 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8480 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8481 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8482 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8663 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:9179 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2025-2784 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2354669 Third Party Advisory
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422 Exploit Issue Tracking
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422 Exploit Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:libsoup:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:*:*:*:*:*:*:*
History

20 Jun 2025, 15:26

Type Values Removed Values Added
First Time Redhat codeready Linux Builder For Ibm Z Systems Eus
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux Server
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux Server Tus
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux Update Services For Sap Solutions
Redhat codeready Linux Builder
Redhat codeready Linux Builder For Ibm Z Systems
Redhat enterprise Linux Server Aus
Redhat codeready Linux Builder For Power Little Endian
Redhat enterprise Linux For Arm 64
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux
Redhat codeready Linux Builder For Arm64 Eus
Redhat codeready Linux Builder For Power Little Endian Eus
Redhat codeready Linux Builder For Arm64
Redhat enterprise Linux For Arm 64 Eus
Gnome
Redhat
Redhat enterprise Linux Eus
Gnome libsoup
CPE cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
cpe:2.3:a:gnome:libsoup:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*
References () https://gitlab.gnome.org/GNOME/libsoup/-/issues/422 - () https://gitlab.gnome.org/GNOME/libsoup/-/issues/422 - Exploit, Issue Tracking
References () https://access.redhat.com/errata/RHSA-2025:8140 - () https://access.redhat.com/errata/RHSA-2025:8140 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:8480 - () https://access.redhat.com/errata/RHSA-2025:8480 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:8481 - () https://access.redhat.com/errata/RHSA-2025:8481 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:8482 - () https://access.redhat.com/errata/RHSA-2025:8482 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:8663 - () https://access.redhat.com/errata/RHSA-2025:8663 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2025-2784 - () https://access.redhat.com/security/cve/CVE-2025-2784 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2354669 - () https://bugzilla.redhat.com/show_bug.cgi?id=2354669 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:9179 - () https://access.redhat.com/errata/RHSA-2025:9179 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:8139 - () https://access.redhat.com/errata/RHSA-2025:8139 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:8252 - () https://access.redhat.com/errata/RHSA-2025:8252 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:8132 - () https://access.redhat.com/errata/RHSA-2025:8132 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:8126 - () https://access.redhat.com/errata/RHSA-2025:8126 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:7505 - () https://access.redhat.com/errata/RHSA-2025:7505 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5

17 Jun 2025, 12:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:9179 -

09 Jun 2025, 10:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:8663 -

04 Jun 2025, 04:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:8480 -
  • () https://access.redhat.com/errata/RHSA-2025:8481 -
  • () https://access.redhat.com/errata/RHSA-2025:8482 -

28 May 2025, 08:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:8252 -

26 May 2025, 12:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:8140 -
  • () https://access.redhat.com/errata/RHSA-2025:8132 -

26 May 2025, 11:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:8139 -

26 May 2025, 07:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:8126 -

14 May 2025, 00:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:7505 -

03 Apr 2025, 14:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.0 		v2 : unknown
v3 : unknown
CWE CWE-125

03 Apr 2025, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-03 03:15

Updated : 2025-06-20 15:26

NVD link : CVE-2025-2784

Mitre link : CVE-2025-2784

JSON object : View

Products Affected

redhat

  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
  • codeready_linux_builder_for_power_little_endian_eus
  • enterprise_linux_for_arm_64
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_server_aus
  • codeready_linux_builder
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_arm_64_eus
  • codeready_linux_builder_for_ibm_z_systems
  • enterprise_linux_server_tus
  • enterprise_linux_for_power_little_endian
  • codeready_linux_builder_for_ibm_z_systems_eus
  • codeready_linux_builder_for_arm64
  • enterprise_linux_eus
  • enterprise_linux_server
  • enterprise_linux
  • codeready_linux_builder_for_power_little_endian
  • codeready_linux_builder_for_arm64_eus
  • enterprise_linux_update_services_for_sap_solutions

gnome

  • libsoup
CWE

No CWE.