CVE-2025-4945

LOW
2025-05-19 [email protected]
3.7
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 19, 2026 - 18:30 vuln.today
CVE Published
May 19, 2025 - 17:15 nvd
LOW 3.7

Tags

Buffer Overflow Integer Overflow

Description

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.

Analysis

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software.

Technical Context

An integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or minimum) size of the integer type used to store it. This vulnerability is classified as Integer Overflow or Wraparound (CWE-190).

Affected Products

Affected: GNOME applications and other software

Remediation

Use safe integer arithmetic libraries. Check for overflow conditions before operations. Use appropriately sized integer types.

Priority Score

19
Low Medium High Critical
KEV: 0
EPSS: +1.0
CVSS: +18
POC: 0

Share

CVE-2025-4945 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy