Authorization Header Exposure in Libsoup HTTP Redirection
CVE-2025-46421

6.8 MEDIUM

Summary

A security flaw exists in libsoup where clients improperly handle HTTP redirects. When a redirect occurs, these clients inadvertently send the HTTP Authorization header to the new host, potentially allowing that host to impersonate the user to the original server. This could lead to unauthorized access and exposure of sensitive information, highlighting the need for careful management of authorization credentials in HTTP transactions.
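The check a client needs when following a redirect, as an added example (not libsoup code, and not from the advisory): the Authorization header is kept only when the redirect target has the same scheme, host and port as the original request. The function names, the example.com/example.net URLs and the choice to treat a scheme or port change as a different origin are assumptions of this sketch.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Request headers that carry credentials for the original server.
SENSITIVE = {"authorization"}


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname or ""          # urlsplit lowercases the host
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def headers_for_redirect(request_url, location, headers):
    """Return (target_url, headers) to use for the redirected request.

    `location` is the Location header value; it may be relative, so it is
    resolved against the original request URL before the comparison.
    """
    target = urljoin(request_url, location)
    if origin(target) == origin(request_url):
        return target, dict(headers)
    # Different origin: drop credential headers, matched case-insensitively.
    kept = {k: v for k, v in headers.items() if k.lower() not in SENSITIVE}
    return target, kept


if __name__ == "__main__":
    # Constructed sample request; the token value is a placeholder.
    sent = {"Authorization": "Bearer PLACEHOLDER", "Accept": "application/json"}
    for loc in ("/v2/data", "https://other.example.net/v2/data"):
        url, hdrs = headers_for_redirect("https://api.example.com/v1/data", loc, sent)
        print(url, sorted(hdrs))
```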

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
