Vulnerability DatabaseCVE-2025-32910

CVE-2025-32910:
Rocky Linux vulnerability analysis and mitigation

Overview

A vulnerability was discovered in libsoup (CVE-2025-32910), identified on April 14, 2025. The flaw exists in the soup_auth_digest_authenticate() function, which is susceptible to a NULL pointer dereference. This vulnerability affects libsoup versions prior to 3.6.3 (NVD, Debian Tracker).

Technical details

The vulnerability is classified as CWE-476 (NULL Pointer Dereference) with a CVSS v3.1 base score of 6.5 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating that it can be exploited over the network, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

Impact

When exploited, this vulnerability can cause the libsoup client to crash when processing responses from a malicious HTTP server. The impact is primarily focused on availability, with no direct impact on confidentiality or integrity (Red Hat Bugzilla).

Mitigation and workarounds

The vulnerability has been fixed in libsoup version 3.6.3 and later. For Debian 11 (bullseye), the fix is available in version 2.72.0-2+deb11u2. Users are recommended to upgrade their libsoup packages to the patched versions (Debian LTS).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

6.5

Score

Published April 14, 2025

Severity MEDIUM

CNA Score 6.5

Affected Technologies

Rocky Linux
Alma Linux

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 27.4

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

mingw32-libsoup
mingw32-libsoup-debuginfo

Sources

NVD
AlmaLinux Security Advisory
- AlmaLinux 8 Severity HIGHHas FixAdded at: Jun 01, 2025
CBL-Mariner
- CBL-Mariner 2.0 Severity MEDIUMHas FixAdded at: Jul 12, 2025
- CBL-Mariner 3.0 Severity MEDIUMHas FixAdded at: May 04, 2025
Debian Security Tracker
- Debian 11, 12, 13 Severity MEDIUMHas FixAdded at: Apr 15, 2025
- Debian 14 Severity MEDIUMHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity MEDIUMHas FixAdded at: Nov 18, 2025
Photon Security Advisory
- Photon 4.0 Severity MEDIUMHas FixAdded at: Jun 01, 2025
- Photon 5.0 Severity MEDIUMHas FixAdded at: May 18, 2025
Red Hat Errata
- Red Hat 6, 7, 9 Severity MEDIUMNo FixAdded at: Apr 15, 2025
- Red Hat 8 Severity MEDIUMHas FixAdded at: Apr 15, 2025
Rocky Linux Product Errata
- Rocky 8 Severity HIGHHas FixAdded at: Aug 10, 2025
Seal Security
- Red Hat 7 Severity MEDIUMHas FixAdded at: Nov 18, 2025
Ubuntu Security Tracker
- Ubuntu 16.04, 18.04, 20.04, 22.04, 24.04, 24.10 Severity MEDIUMHas FixAdded at: May 07, 2025
- Ubuntu 25.04 Severity MEDIUMHas FixAdded at: May 08, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Rocky Linux vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-0891	HIGH	8.1	Mozilla Firefox	MozillaFirefox-devel	No	Yes	Jan 13, 2026
CVE-2025-24528	HIGH	7.1	Kerberos	libkadm5	No	Yes	Jan 16, 2026
CVE-2026-0890	MEDIUM	5.4	Mozilla Firefox	MozillaFirefox-devel	No	Yes	Jan 13, 2026
CVE-2026-0886	MEDIUM	5.3	Mozilla Firefox	MozillaFirefox	No	Yes	Jan 13, 2026
CVE-2026-0887	MEDIUM	4.3	Mozilla Firefox	firefox	No	Yes	Jan 13, 2026