Denial of Service Vulnerability in libsoup WebSocket Connections by Red Hat
CVE-2025-32049

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 3 April 2025

Summary

A flaw in the libsoup library allows the SoupWebsocketConnection to accept oversized WebSocket messages. This can result in excessive memory allocation, potentially leading to service disruptions. Administrators should review and apply mitigations to prevent exploitation.

References

https://access.redhat.com/security/cve/CVE-2025-32049

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2357066

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 3, 2025
Vulnerability Reserved
Apr 3, 2025