CVE-2025-2784

Public Exploit

Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content

Description

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

Remediation

Workaround:

Currently no mitigation is available for this vulnerability.

References

Link	Tags
https://access.redhat.com/errata/RHSA-2025:7505	vendor advisory third party advisory
https://access.redhat.com/errata/RHSA-2025:8126	vendor advisory third party advisory
https://access.redhat.com/errata/RHSA-2025:8132	vendor advisory third party advisory
https://access.redhat.com/errata/RHSA-2025:8139	vendor advisory third party advisory
https://access.redhat.com/errata/RHSA-2025:8140	vendor advisory third party advisory
https://access.redhat.com/errata/RHSA-2025:8252	vendor advisory third party advisory
https://access.redhat.com/errata/RHSA-2025:8480	vendor advisory third party advisory
https://access.redhat.com/errata/RHSA-2025:8481	vendor advisory third party advisory
https://access.redhat.com/errata/RHSA-2025:8482	vendor advisory third party advisory
https://access.redhat.com/errata/RHSA-2025:8663	vendor advisory third party advisory
https://access.redhat.com/errata/RHSA-2025:9179	vendor advisory third party advisory
https://access.redhat.com/security/cve/CVE-2025-2784	third party advisory vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2354669	issue tracking third party advisory
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422	issue tracking exploit

Frequently Asked Questions

What is the severity of CVE-2025-2784?: CVE-2025-2784 has been scored as a high severity vulnerability.
How to fix CVE-2025-2784?: As a workaround for remediating CVE-2025-2784: Currently no mitigation is available for this vulnerability.
Is CVE-2025-2784 being actively exploited in the wild?: It is possible that CVE-2025-2784 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-2784?: CVE-2025-2784 affects Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support, Red Hat Red Hat Enterprise Linux 6.

Description

Remediation

Category

CWE-125 – Out-of-bounds Read

References

Frequently Asked Questions