vulnerability

Oracle Linux: CVE-2025-46421: ELSA-2025-4560: libsoup security update (IMPORTANT) (Multiple Advisories)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:H/Au:N/C:C/I:C/A:N)

Published

Apr 24, 2025

Added

May 8, 2025

Modified

Jul 16, 2025

Description

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.

Solutions

oracle-linux-upgrade-libsouporacle-linux-upgrade-libsoup3oracle-linux-upgrade-libsoup3-develoracle-linux-upgrade-libsoup3-docoracle-linux-upgrade-libsoup-devel

References

CVE-2025-46421
https://attackerkb.com/topics/CVE-2025-46421
ELSA-ELSA-2025-4560
ELSA-ELSA-2025-7436
ELSA-ELSA-2025-7505
CWE-497

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report