CVE-2025-32906: 
Alma Linux vulnerability analysis and mitigation

A vulnerability (CVE-2025-32906) was discovered in libsoup, affecting the soupheadersparse_request() function. The flaw was disclosed on April 14, 2025, and impacts various versions of libsoup prior to 3.6.5. This vulnerability is classified as a high-severity issue with a CVSS v3.1 base score of 7.5 (Red Hat CVE, NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) in the soupheadersparse_request() function of libsoup. The issue has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (Red Hat CVE).

When exploited, this vulnerability allows a malicious user to crash the HTTP server through a specially crafted HTTP request. The impact primarily affects the availability of the system, with no direct impact on confidentiality or integrity (NVD, Debian LTS).

The vulnerability has been fixed in libsoup version 3.6.5. For Debian 11 (bullseye), the fix is available in version 2.72.0-2+deb11u2. Currently, no specific workarounds are available for systems that cannot be immediately updated (Debian Security Tracker, Debian LTS).