CVE Catalog

CVE-2025-32911

CriticalCVSS 9.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.80%

52th percentile - higher than 52% of all known CVEs

Summary

A use-after-free vulnerability was found in the libsoup library, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.

Risk Assessment

An attacker could cause a server crash or potentially execute arbitrary code, threatening system availability and integrity.

Recommendation

Immediately update the libsoup library to a version containing the fix for this vulnerability.

Original NVD description (English source)

A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS