CVE-2025-9901
Vulnerability
libsoup: Improper Handling of HTTP Vary Header in libsoup Caching
ecosystem: redhat:6, redhat:7, redhat:8, redhat:9, redhat:10

A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be incorrectly reused across different requests, potentially exposing sensitive user information. While the issue is unlikely to affect everyday desktop use, it could result in confidentiality breaches in proxy or multi-user environments.
References
- secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2025-9901
- secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2392790
- secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2025-9901
- secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2025-9901
type: vendor
source: secalert@redhat.com
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
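Metric | Value
---|---
AV (Attack Vector) | Network
AC (Attack Complexity) | High
PR (Privileges Required) | None
UI (User Interaction) | None
S (Scope) | Not Changed
C (Confidentiality) | High
I (Integrity) | None
A (Availability) | None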
source: secalert@redhat.com
Use of Cache Containing Sensitive Information
source: secalert@redhat.com
published: 2025-09-03 00:00:00
modified: 2025-09-25 01:58:33
Detection
redhat-vex
OR
libsoup
package type: binary
libsoup-devel
package type: binary
libsoup
package type: source
tag: rhel-7-extras-including-unpatched:8814c35d-6965-1fb9-9d76-6792876a176d
OR
libsoup
package type: binary
libsoup-devel
package type: binary
libsoup
package type: source
tag: rhel-7-including-unpatched:8814c35d-6965-1fb9-9d76-6792876a176d
OR
libsoup
package type: binary
libsoup-devel
package type: binary
libsoup
package type: source
tag: rhel-7-supplementary:8814c35d-6965-1fb9-9d76-6792876a176d
redhat-vex
OR
libsoup
package type: binary
libsoup-devel
package type: binary
libsoup
package type: source
tag: rhel-8-including-unpatched:cb9fa898-b85c-12cd-afbf-2a4f72047ce2
redhat-vex
OR
libsoup
package type: binary
libsoup-devel
package type: binary
libsoup
package type: source
tag: rhel-9-including-unpatched:cd80fea4-e5e1-35f5-4307-071d865ae347
redhat-vex
OR
libsoup
package type: binary
libsoup-devel
package type: binary
libsoup
package type: source
tag: rhel-6-els:7cf729e1-4caa-1316-d070-5f07011823b8
OR
libsoup
package type: binary
libsoup-devel
package type: binary
libsoup
package type: source
tag: rhel-6-extras-including-unpatched:7cf729e1-4caa-1316-d070-5f07011823b8
OR
libsoup
package type: binary
libsoup-devel
package type: binary
libsoup
package type: source
tag: rhel-6-including-unpatched:7cf729e1-4caa-1316-d070-5f07011823b8
OR
libsoup
package type: binary
libsoup-devel
package type: binary
libsoup
package type: source
tag: rhel-6-supplementary:7cf729e1-4caa-1316-d070-5f07011823b8
redhat-vex
OR
libsoup3
package type: binary
libsoup3-devel
package type: binary
libsoup3-doc
package type: binary
libsoup3
package type: source
tag: rhel-10:d927fec7-2aaa-ffbd-ee12-ef9277d5e9c8
Data Sources
- RedHat Enterprise Linux CSAF VEX
redhat-vex