๐Ÿ” CVE Alert

CVE-2025-46421

MEDIUM 6.8

Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server

CVSS Score
6.8
EPSS Score
0.0%
EPSS Percentile
0th

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.

CWE CWE-497
Published Apr 24, 2025
Last Updated Nov 18, 2025
Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new medium vulnerabilities are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Affected Versions

Red Hat / Red Hat Enterprise Linux 10
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 6
All versions affected
Red Hat / Red Hat Enterprise Linux 7
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:4439 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:4440 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:4508 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:4538 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:4560 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:4568 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:4609 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:4624 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:7436 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:7505 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-46421 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2361962 gitlab.gnome.org: https://gitlab.gnome.org/GNOME/libsoup/-/issues/439