Global Buffer Overflow in Libsoup Affects Red Hat Products
CVE-2025-8197

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-8197?

A global buffer overflow vulnerability has been discovered in the soup_header_name_to_string function within the Libsoup library. This vulnerability arises from insufficient validation of the name parameter, allowing an attacker to control the input. When the name index exceeds the bounds of the soup_header_name_strings array, it results in out-of-bounds access, potentially leading to memory corruption and unauthorized access to sensitive information.

References

https://access.redhat.com/security/cve/CVE-2025-8197

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2383525

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Jul 25, 2025

Credit

Red Hat would like to thank Huang Zikang (XingTu Team of Legendsec) and Ying Lingyun (XingTu Team of Legendsec) for reporting this issue.