CVE-2025-32908

Summary

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).

Affected Software

VendorProductVersion RangeStatus
0 < 3.6.5affected
Red HatRed Hat Enterprise Linux 100:3.6.5-3.el10_0 < *unaffected

Weaknesses

  • CWE-115: Misinterpretation of Input

Workarounds

Currently, no mitigation was found for this vulnerability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References