Out-of-Bounds Memory Read Vulnerability in libsoup Used by GNOME
CVE-2025-11021

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 26 September 2025

What is CVE-2025-11021?

A flaw exists in the cookie date handling logic within the libsoup HTTP library, which is utilized by various applications, including those in the GNOME ecosystem. This flaw arises when the library processes cookies with specially crafted expiration dates, resulting in an out-of-bounds memory read. Consequently, this could unintentionally disclose memory contents, posing a risk that sensitive information from processes utilizing libsoup may be exposed.

References

https://access.redhat.com/security/cve/CVE-2025-11021

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2399627

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2025
Vulnerability Reserved
Sep 26, 2025

JSON

Red Hat

What is CVE-2025-11021?

References

CVSS V3.1

Timeline