CVE-2025-4035 Libsoup: cookie domain validation bypass via uppercase characters in libsoup

🗓️ 29 Apr 2025 12:56:22Reported by redhatType

Flaw in libsoup allows cookie domain validation bypass via uppercase characters, risking integrity issues.

Reporter	Title	Published	Views	Family All 35
Circl	CVE-2025-4035	29 Apr 202513:12	–	circl
CNNVD	libsoup 安全漏洞	28 Apr 202500:00	–	cnnvd
CVE	CVE-2025-4035	29 Apr 202512:56	–	cve
Debian CVE	CVE-2025-4035	29 Apr 202512:56	–	debiancve
EUVD	EUVD-2025-15014	3 Oct 202520:07	–	euvd
Microsoft CVE	Libsoup: cookie domain validation bypass via uppercase characters in libsoup	3 Sep 202522:40	–	mscve
NVD	CVE-2025-4035	29 Apr 202513:15	–	nvd
Tenable Nessus	Oracle Linux 10 : libsoup3 (ELSA-2025-7505)	1 Jul 202500:00	–	nessus
Tenable Nessus	Oracle Linux 10 : libsoup3 (ELSA-2025-8128)	27 Jun 202500:00	–	nessus
Tenable Nessus	Photon OS 5.0: Libsoup PHSA-2025-5.0-0522	15 May 202500:00	–	nessus

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup3",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.6.5-3.el10_0.6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10.0"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2025-4035
access	www.access.redhat.com/errata/RHSA-2025:8128
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

18 Nov 2025 08:35Current

CVSS 3.14.3

EPSS0.00262

CWE-178