CVE-2025-32049

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:21657
https://access.redhat.com/errata/RHSA-2025:8126
https://access.redhat.com/errata/RHSA-2025:8128
https://access.redhat.com/errata/RHSA-2025:8132
https://access.redhat.com/errata/RHSA-2025:8139
https://access.redhat.com/errata/RHSA-2025:8140
https://access.redhat.com/errata/RHSA-2025:8252
https://access.redhat.com/errata/RHSA-2025:8480
https://access.redhat.com/errata/RHSA-2025:8481
https://access.redhat.com/errata/RHSA-2025:8482
https://access.redhat.com/errata/RHSA-2025:8663
https://access.redhat.com/errata/RHSA-2025:9179
https://access.redhat.com/security/cve/CVE-2025-32049
https://bugzilla.redhat.com/show_bug.cgi?id=2357066

Configurations

No configuration.

History

18 Nov 2025, 09:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:21657 -

Information

Published : 2025-04-03 14:15

Updated : 2025-11-18 09:15

NVD link : CVE-2025-32049

Mitre link : CVE-2025-32049

CVE.ORG link : CVE-2025-32049

JSON object : View

Products Affected

No product.

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2025-32049", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-04-03T14:15:43.410", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:21657", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:8126", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:8128", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:8132", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:8139", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:8140", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:8252", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:8480", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:8481", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:8482", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:8663", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9179", "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-32049", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357066", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS)."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en libsoup. La conexi\u00f3n SoupWebsocketConnection puede aceptar un mensaje WebSocket grande, lo que puede provocar que libsoup asigne memoria y provoque una denegaci\u00f3n de servicio (DoS)."}], "lastModified": "2025-11-18T09:15:50.757", "sourceIdentifier": "[email protected]"}