Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-32914
CVE-2025-32914:
Alma Linux vulnerability analysis and mitigation
Overview
A vulnerability was discovered in libsoup (CVE-2025-32914) where the soupmultipartnewfrommessage() function is susceptible to an out-of-bounds read vulnerability. The flaw was disclosed on April 14, 2025, affecting various versions of libsoup2.4 and libsoup3 packages across multiple Linux distributions (Debian Security, Red Hat Security).
Technical details
The vulnerability has been assigned a CVSS v3.1 score of 7.4 (High) with the vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H. The flaw is classified as CWE-125 and specifically affects the soupmultipartnewfrommessage() function in the soup-multipart.c file (Red Hat Security).
Impact
When exploited, this vulnerability allows a malicious HTTP client to induce the libsoup server to perform out-of-bounds read operations, which could potentially lead to crashes or process termination (Debian LTS).
Mitigation and workarounds
For Debian 11 (bullseye), the vulnerability has been fixed in version 2.72.0-2+deb11u2 of libsoup2.4. Users are recommended to upgrade their libsoup2.4 packages to the patched version (Debian LTS).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management