libsoup CVE-2025-12105
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Remote unauthenticated trigger with crash-only impact gives A:H and C/I:N, but the timing-window race warrants AC:H rather than the input's AC:L.
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.
AnalysisAI
Remote denial-of-service in libsoup affects GNOME and WebKit-based applications that rely on the library for HTTP/2 client communication. A race in the asynchronous message-queue handling lets a queue item be freed twice when network operations are aborted at precise timing, producing a use-after-free that crashes the consuming application. Red Hat reported the issue and has shipped errata fixes; there is no public exploit identified at time of analysis and the flaw is confined to availability impact (no code execution or data exposure indicated).
Technical ContextAI
libsoup is the GLib/GNOME HTTP client and server library that underpins HTTP/2 communications for many desktop applications and WebKitGTK-based browsers and embedders. The defect lives in the asynchronous message queue used to track in-flight requests: when a connection's HTTP/2 read sequence and a cancel/abort occur at a specific interleaving, missing state synchronization allows the same queue item to be released twice, leaving a dangling pointer that is subsequently dereferenced. This is a classic CWE-416 Use-After-Free arising from a double-free/race condition rather than from attacker-controlled heap grooming, which is consistent with the observed crash-only impact. The upstream fix is tracked in GNOME GitLab merge request 481 against the libsoup project.
Affected ProductsAI
The affected component is the libsoup HTTP library as consumed by GNOME and WebKit-based applications for HTTP/2; exact upstream affected version ranges are not enumerated in the provided data and should be confirmed against the GNOME advisory (https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/481). Red Hat distributions are confirmed affected and addressed via errata RHSA-2025:23139 (https://access.redhat.com/errata/RHSA-2025:23139) and RHSA-2025:23437 (https://access.redhat.com/errata/RHSA-2025:23437), with tracking at https://access.redhat.com/security/cve/CVE-2025-12105 and https://bugzilla.redhat.com/show_bug.cgi?id=2405992. No CPE strings were supplied in the input, so precise version boundaries are not independently verifiable here.
RemediationAI
Apply the vendor-released patches: on Red Hat systems update libsoup to the fixed packages delivered by RHSA-2025:23139 (https://access.redhat.com/errata/RHSA-2025:23139) and RHSA-2025:23437 (https://access.redhat.com/errata/RHSA-2025:23437), and on other distributions upgrade to a libsoup build that incorporates GNOME merge request 481 (https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/481); the exact upstream tagged release version is not stated in the input and should be confirmed with your distribution. Because the library is loaded by many applications, restart or update all dependent services and browsers after patching so the fixed shared library is actually in use. If immediate patching is not possible, reduce exposure by limiting which HTTP/2 endpoints libsoup-based clients connect to - restrict applications to trusted servers and block or proxy outbound connections to untrusted HTTP/2 origins - accepting the trade-off that this constrains normal browsing/fetch functionality; where feasible, disabling HTTP/2 negotiation for affected clients avoids the vulnerable read/cancel path at the cost of falling back to HTTP/1.1 performance.
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allVendor StatusVendor
SUSE
Severity: Important| Product | Status |
|---|---|
| Container suse/sl-micro/6.0/toolbox:latest | Affected |
| SUSE Liberty Linux 10 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Linux Micro 6.0 | Fixed |
| SUSE Linux Micro 6.1 | Fixed |
| SUSE Linux Micro 6.2 | Fixed |
| SUSE Manager Proxy LTS 4.3 | Fixed |
| SUSE Manager Retail Branch Server LTS 4.3 | Fixed |
| SUSE Manager Server LTS 4.3 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Linux Enterprise Server 16.0 | Affected |
| SUSE Linux Enterprise Desktop 15 SP7 | Affected |
| SUSE Linux Enterprise Desktop 15 SP7 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Micro 5.3 | Not-Affected |
| SUSE Linux Enterprise Micro 5.4 | Not-Affected |
| SUSE Linux Enterprise Micro 5.5 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP7 | Affected |
| SUSE Linux Enterprise Server 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server 16.0 | Affected |
| SUSE Linux Enterprise Server 16.1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Affected |
| SUSE Linux Micro 6.0 | Affected |
| SUSE Linux Micro 6.1 | Affected |
| SUSE Linux Micro 6.2 | Affected |
| openSUSE Leap 16.0 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Not-Affected |
| SUSE Linux Enterprise Server 15 SP4 | Affected |
| SUSE Linux Enterprise Server 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP5 | Affected |
| SUSE Linux Enterprise Server 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP6 | Affected |
| SUSE Linux Enterprise Server 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Not-Affected |
| SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Not-Affected |
| SUSE Manager Proxy 4.3 | Affected |
| SUSE Manager Proxy 4.3 | Not-Affected |
| SUSE Manager Proxy LTS 4.3 | Affected |
| SUSE Manager Proxy LTS 4.3 | Not-Affected |
| SUSE Manager Retail Branch Server 4.3 | Affected |
| SUSE Manager Retail Branch Server 4.3 | Not-Affected |
| SUSE Manager Retail Branch Server LTS 4.3 | Affected |
| SUSE Manager Retail Branch Server LTS 4.3 | Not-Affected |
| SUSE Manager Server 4.3 | Affected |
| SUSE Manager Server 4.3 | Not-Affected |
| SUSE Manager Server LTS 4.3 | Affected |
| SUSE Manager Server LTS 4.3 | Not-Affected |
| SUSE CaaS Platform 4.0 | Not-Affected |
| SUSE Enterprise Storage 6 | Not-Affected |
| SUSE Enterprise Storage 7 | Not-Affected |
| SUSE Enterprise Storage 7.1 | Not-Affected |
| SUSE Linux Enterprise Desktop 11 SP2 | Not-Affected |
| SUSE Linux Enterprise Desktop 11 SP3 | Not-Affected |
| SUSE Linux Enterprise Desktop 11 SP4 | Not-Affected |
| SUSE Linux Enterprise Desktop 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Desktop 12 SP3 | Not-Affected |
| SUSE Linux Enterprise Desktop 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP4 | Affected |
| SUSE Linux Enterprise Desktop 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP5 | Affected |
| SUSE Linux Enterprise Desktop 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP6 | Affected |
| SUSE Linux Enterprise Desktop 15 SP6 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15-LTSS | Not-Affected |
| SUSE Linux Enterprise Micro 5.2 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 | Not-Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Point of Sale 11 SP3 | Not-Affected |
| SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP4 | Affected |
| SUSE Linux Enterprise Real Time 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Server 11 SP2 | Not-Affected |
| SUSE Linux Enterprise Server 11 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 11 SP3 | Not-Affected |
| SUSE Linux Enterprise Server 11 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 11 SP4 | Not-Affected |
| SUSE Linux Enterprise Server 11 SP4 LTSS | Not-Affected |
| SUSE Linux Enterprise Server 11 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP2-BCL | Not-Affected |
| SUSE Linux Enterprise Server 12 SP2-ESPOS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP3 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP3-BCL | Not-Affected |
| SUSE Linux Enterprise Server 12 SP3-ESPOS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Server 12 SP4-ESPOS | Not-Affected |
| SUSE Linux Enterprise Server 12 SP4-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15-LTSS | Not-Affected |
| SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 11 SP2 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 11 SP3 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 11 SP4 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 11 SP2 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 11 SP3 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 11 SP4 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Not-Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Not-Affected |
| SUSE Manager Proxy 4.0 | Not-Affected |
| SUSE Manager Proxy 4.1 | Not-Affected |
| SUSE Manager Proxy 4.2 | Not-Affected |
| SUSE Manager Retail Branch Server 4.0 | Not-Affected |
| SUSE Manager Retail Branch Server 4.1 | Not-Affected |
| SUSE Manager Retail Branch Server 4.2 | Not-Affected |
| SUSE Manager Server 4.0 | Not-Affected |
| SUSE Manager Server 4.1 | Not-Affected |
| SUSE Manager Server 4.2 | Not-Affected |
| SUSE OpenStack Cloud 7 | Not-Affected |
| SUSE OpenStack Cloud 8 | Not-Affected |
| SUSE OpenStack Cloud 9 | Not-Affected |
| SUSE OpenStack Cloud Crowbar 8 | Not-Affected |
| SUSE OpenStack Cloud Crowbar 9 | Not-Affected |
| openSUSE Leap 15.3 | Not-Affected |
| openSUSE Leap 15.4 | Affected |
| openSUSE Leap 15.4 | Not-Affected |
| openSUSE Leap 15.5 | Affected |
| openSUSE Leap 15.5 | Not-Affected |
| openSUSE Leap 15.6 | Affected |
| openSUSE Leap 15.6 | Not-Affected |
| openSUSE Leap Micro 5.2 | Not-Affected |
| openSUSE Leap Micro 5.3 | Not-Affected |
| openSUSE Leap Micro 5.4 | Not-Affected |
| openSUSE Leap Micro 5.5 | Not-Affected |
| SUSE Manager Proxy 4.3 LTS | Affected |
| SUSE Manager Retail Branch Server 4.3 LTS | Affected |
| SUSE Manager Server 4.3 LTS | Affected |
Share
External POC / Exploit Code
Leaving vuln.today