CVE-2025-4969
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk50th percentile - higher than 50% of all known CVEs
Summary
A vulnerability was found in the libsoup library due to its failure to correctly verify the termination of multipart HTTP messages. This allows a remote attacker to send a specially crafted multipart HTTP body, causing an out-of-bounds read.
Risk Assessment
An attacker could exploit this vulnerability to access sensitive data in server memory or cause a denial of service, threatening system integrity and availability.
Recommendation
Immediately update the libsoup library to the latest patched version. If an update is not possible, restrict access to the service to trusted sources only.
Original NVD description (English source)
A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read).

