Authorization Header Exposure in Libsoup HTTP Redirection
CVE-2025-46421

6.8MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Vendor
CVE Published:
24 April 2025
đź”” Create Red Hat Vulnerability Alert

What is CVE-2025-46421?

A security flaw exists in libsoup where clients improperly handle HTTP redirects. When a redirect occurs, these clients inadvertently send the HTTP Authorization header to the new host, potentially allowing that host to impersonate the user to the original server. This could lead to unauthorized access and exposure of sensitive information, highlighting the need for careful management of authorization credentials in HTTP transactions.

Affected Version(s)

Red Hat Enterprise Linux 10 0:3.6.5-3.el10_0

Red Hat Enterprise Linux 8 0:2.62.3-8.el8_10

Red Hat Enterprise Linux 8 0:2.62.3-8.el8_10

References

https://access.redhat.com/errata/RHSA-2025:4439
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:4440
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:4508
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-46421 : Authorization Header Exposure in Libsoup HTTP Redirection