CVE-2025-32914

Updated: 2025-08-20 03:16:33.247696

Description:

A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0.0
CVSS Version 3.x HIGH 7.4

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU libsoup 2.72.0 7.4 HIGH Released CLSA-2025:1749569869 2025-06-11 00:54:44
AlmaLinux 9.2 ESU kernel 5.14.0 7.4 HIGH Not Vulnerable 2025-09-11 21:46:50
CentOS 7 ELS kernel 3.10.0 7.4 HIGH Not Vulnerable 2025-11-19 17:04:57 Not vulnerable: CVE-2025-32914 is an out-of-bounds read in the user‑space libsoup HTTP library (sp...
CentOS 7 ELS libsoup 2.62.2 7.4 HIGH Released CLSA-2025:1762792127 2025-11-21 21:27:36 Not vulnerable: CVE-2025-32914 is an out-of-bounds read in the user‑space libsoup HTTP library (sp...
CentOS 8.4 ELS kernel 4.18.0 7.4 HIGH Not Vulnerable 2025-09-11 21:46:51 CVE-2025-32914 targets libsoup’s user-space HTTP parsing (soup_multipart_new_from_message) and is ...
CentOS 8.5 ELS kernel 4.18.0 7.4 HIGH Not Vulnerable 2025-09-11 21:46:51 CVE-2025-32914 targets libsoup’s user-space HTTP parsing (soup_multipart_new_from_message) and is ...
CentOS Stream 8 ELS kernel 4.18.0 7.4 HIGH Not Vulnerable 2025-09-11 21:46:50 CVE-2025-32914 targets libsoup’s user-space HTTP parsing (soup_multipart_new_from_message) and is ...
CloudLinux 7 ELS kernel 3.10.0 7.4 HIGH Not Vulnerable 2025-12-03 19:31:38 Not vulnerable: CVE-2025-32914 is an out-of-bounds read in the user‑space libsoup HTTP library (sp...
Oracle Linux 7 ELS kernel 3.10.0 7.4 HIGH Needs Triage 2026-02-28 01:58:54
Oracle Linux 7 ELS libsoup 2.62.2 7.4 HIGH Already Fixed 2025-11-12 22:48:25
Total: 16