CVE-2025-4945
Libsoup: integer overflow in cookie expiration date handling in libsoup
CVSS Score
3.7
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
| CWE | CWE-190 |
| Published | May 19, 2025 |
| Last Updated | Mar 19, 2026 |
Stay Ahead of the Next One
Get instant alerts for
Be the first to know when new low vulnerabilities are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected Versions
Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:19713 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:19714 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:19720 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:20959 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21032 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21655 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21656 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21657 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21664 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21665 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21666 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21772 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:22013 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-4945 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2367175 gitlab.gnome.org: https://gitlab.gnome.org/GNOME/libsoup/-/issues/448
Credits
Red Hat would like to thank fouzhe for reporting this issue.