CVE-2025-32907

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:4439
https://access.redhat.com/errata/RHSA-2025:4440
https://access.redhat.com/errata/RHSA-2025:4508
https://access.redhat.com/errata/RHSA-2025:7436
https://access.redhat.com/errata/RHSA-2025:8128
https://access.redhat.com/errata/RHSA-2025:8292
https://access.redhat.com/security/cve/CVE-2025-32907
https://bugzilla.redhat.com/show_bug.cgi?id=2359342

Configurations

No configuration.

History

No history.

Information

Published : 2025-04-14 14:15

Updated : 2025-05-29 07:15

NVD link : CVE-2025-32907

Mitre link : CVE-2025-32907

CVE.ORG link : CVE-2025-32907

JSON object : View

Products Affected

No product.

CWE

CWE-1050

Excessive Platform Resource Consumption within a Loop

{"id": "CVE-2025-32907", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-04-14T14:15:24.580", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:4439", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4440", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4508", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:7436", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:8128", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:8292", "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-32907", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359342", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1050"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en libsoup. La implementaci\u00f3n de solicitudes de rango HTTP es vulnerable a un ataque de consumo de recursos. Esta falla permite que un cliente malicioso solicite el mismo rango varias veces en una sola solicitud HTTP, lo que provoca que el servidor utilice grandes cantidades de memoria."}], "lastModified": "2025-05-29T07:15:24.333", "sourceIdentifier": "[email protected]"}