{"url":"http://public2.vulnerablecode.io/api/packages/103802?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-2?distro=trixie","type":"deb","namespace":"debian","name":"libsoup3","version":"3.6.5-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.6.5-5","latest_non_vulnerable_version":"3.6.6-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77401?format=json","vulnerability_id":"VCID-6dwg-gn3e-jfeh","summary":"A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4969.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4969","reference_id":"","reference_type":"","scores":[{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71583","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71596","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71603","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71578","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71563","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4969"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106248","reference_id":"1106248","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106248"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106325","reference_id":"1106325","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106325"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367552","reference_id":"2367552","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-21T10:19:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367552"},{"reference_url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/447","reference_id":"447","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-21T10:19:28Z/"}],"url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/447"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-4969","reference_id":"CVE-2025-4969","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-21T10:19:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-4969"},{"reference_url":"https://usn.ubuntu.com/7643-1/","reference_id":"USN-7643-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7643-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103802?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103789?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21t2-152w-bqet"},{"vulnerability":"VCID-429w-7cvy-hbaq"},{"vulnerability":"VCID-9q1u-ektk-v7br"},{"vulnerability":"VCID-bs7x-4z9p-pugz"},{"vulnerability":"VCID-kvjk-sm86-rud1"},{"vulnerability":"VCID-qqn1-vq5q-6ub3"},{"vulnerability":"VCID-qvbn-8e9e-a3g2"},{"vulnerability":"VCID-thhq-w84y-zfed"},{"vulnerability":"VCID-tusy-b98v-bkc7"},{"vulnerability":"VCID-twa3-p1cf-a3f3"},{"vulnerability":"VCID-uage-dtey-h3fe"},{"vulnerability":"VCID-yp44-7y48-7fbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103787?format=json","purl":"pkg:deb/debian/libsoup3@3.6.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.6-1%3Fdistro=trixie"}],"aliases":["CVE-2025-4969"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6dwg-gn3e-jfeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77399?format=json","vulnerability_id":"VCID-8gex-prdk-7kb5","summary":"A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4945.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4945.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4945","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53182","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53192","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53201","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.5318","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53156","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4945"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106205","reference_id":"1106205","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106205"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106375","reference_id":"1106375","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106375"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367175","reference_id":"2367175","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367175"},{"reference_url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/448","reference_id":"448","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/448"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1","reference_id":"cpe:/o:redhat:enterprise_linux:10.1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-4945","reference_id":"CVE-2025-4945","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-4945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19713","reference_id":"RHSA-2025:19713","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19714","reference_id":"RHSA-2025:19714","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19714"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19720","reference_id":"RHSA-2025:19720","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20959","reference_id":"RHSA-2025:20959","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:20959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21032","reference_id":"RHSA-2025:21032","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21655","reference_id":"RHSA-2025:21655","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21656","reference_id":"RHSA-2025:21656","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21656"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21657","reference_id":"RHSA-2025:21657","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21664","reference_id":"RHSA-2025:21664","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21665","reference_id":"RHSA-2025:21665","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21666","reference_id":"RHSA-2025:21666","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21772","reference_id":"RHSA-2025:21772","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22013","reference_id":"RHSA-2025:22013","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22013"},{"reference_url":"https://usn.ubuntu.com/7643-1/","reference_id":"USN-7643-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7643-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103802?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103789?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21t2-152w-bqet"},{"vulnerability":"VCID-429w-7cvy-hbaq"},{"vulnerability":"VCID-9q1u-ektk-v7br"},{"vulnerability":"VCID-bs7x-4z9p-pugz"},{"vulnerability":"VCID-kvjk-sm86-rud1"},{"vulnerability":"VCID-qqn1-vq5q-6ub3"},{"vulnerability":"VCID-qvbn-8e9e-a3g2"},{"vulnerability":"VCID-thhq-w84y-zfed"},{"vulnerability":"VCID-tusy-b98v-bkc7"},{"vulnerability":"VCID-twa3-p1cf-a3f3"},{"vulnerability":"VCID-uage-dtey-h3fe"},{"vulnerability":"VCID-yp44-7y48-7fbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103787?format=json","purl":"pkg:deb/debian/libsoup3@3.6.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.6-1%3Fdistro=trixie"}],"aliases":["CVE-2025-4945"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gex-prdk-7kb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77394?format=json","vulnerability_id":"VCID-bpr9-59u8-yuc9","summary":"A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32914.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32914.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32914","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41418","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41444","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41448","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41398","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41387","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32914"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103267","reference_id":"1103267","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103267"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103512","reference_id":"1103512","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103512"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359358","reference_id":"2359358","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359358"},{"reference_url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/436","reference_id":"436","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/436"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_eus:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_eus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-32914","reference_id":"CVE-2025-32914","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-32914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21657","reference_id":"RHSA-2025:21657","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7505","reference_id":"RHSA-2025:7505","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:7505"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8126","reference_id":"RHSA-2025:8126","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8132","reference_id":"RHSA-2025:8132","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8139","reference_id":"RHSA-2025:8139","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8140","reference_id":"RHSA-2025:8140","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8252","reference_id":"RHSA-2025:8252","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8480","reference_id":"RHSA-2025:8480","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8481","reference_id":"RHSA-2025:8481","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8482","reference_id":"RHSA-2025:8482","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8663","reference_id":"RHSA-2025:8663","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9179","reference_id":"RHSA-2025:9179","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:05:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9179"},{"reference_url":"https://usn.ubuntu.com/7490-1/","reference_id":"USN-7490-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7490-1/"},{"reference_url":"https://usn.ubuntu.com/7490-3/","reference_id":"USN-7490-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7490-3/"},{"reference_url":"https://usn.ubuntu.com/7643-1/","reference_id":"USN-7643-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7643-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103802?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103789?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21t2-152w-bqet"},{"vulnerability":"VCID-429w-7cvy-hbaq"},{"vulnerability":"VCID-9q1u-ektk-v7br"},{"vulnerability":"VCID-bs7x-4z9p-pugz"},{"vulnerability":"VCID-kvjk-sm86-rud1"},{"vulnerability":"VCID-qqn1-vq5q-6ub3"},{"vulnerability":"VCID-qvbn-8e9e-a3g2"},{"vulnerability":"VCID-thhq-w84y-zfed"},{"vulnerability":"VCID-tusy-b98v-bkc7"},{"vulnerability":"VCID-twa3-p1cf-a3f3"},{"vulnerability":"VCID-uage-dtey-h3fe"},{"vulnerability":"VCID-yp44-7y48-7fbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103787?format=json","purl":"pkg:deb/debian/libsoup3@3.6.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.6-1%3Fdistro=trixie"}],"aliases":["CVE-2025-32914"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bpr9-59u8-yuc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77400?format=json","vulnerability_id":"VCID-gc7s-tz74-kyh5","summary":"A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4948.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4948.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4948","reference_id":"","reference_type":"","scores":[{"value":"0.00986","scoring_system":"epss","scoring_elements":"0.77222","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00986","scoring_system":"epss","scoring_elements":"0.7721","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00986","scoring_system":"epss","scoring_elements":"0.77212","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00986","scoring_system":"epss","scoring_elements":"0.772","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4948"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106204","reference_id":"1106204","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106204"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106337","reference_id":"1106337","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106337"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367183","reference_id":"2367183","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367183"},{"reference_url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/449","reference_id":"449","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/449"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_eus:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_eus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-4948","reference_id":"CVE-2025-4948","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-4948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21657","reference_id":"RHSA-2025:21657","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8126","reference_id":"RHSA-2025:8126","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8128","reference_id":"RHSA-2025:8128","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8132","reference_id":"RHSA-2025:8132","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8139","reference_id":"RHSA-2025:8139","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8140","reference_id":"RHSA-2025:8140","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8252","reference_id":"RHSA-2025:8252","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8480","reference_id":"RHSA-2025:8480","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8481","reference_id":"RHSA-2025:8481","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8482","reference_id":"RHSA-2025:8482","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8663","reference_id":"RHSA-2025:8663","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9179","reference_id":"RHSA-2025:9179","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-19T16:53:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9179"},{"reference_url":"https://usn.ubuntu.com/7643-1/","reference_id":"USN-7643-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7643-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103802?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103789?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21t2-152w-bqet"},{"vulnerability":"VCID-429w-7cvy-hbaq"},{"vulnerability":"VCID-9q1u-ektk-v7br"},{"vulnerability":"VCID-bs7x-4z9p-pugz"},{"vulnerability":"VCID-kvjk-sm86-rud1"},{"vulnerability":"VCID-qqn1-vq5q-6ub3"},{"vulnerability":"VCID-qvbn-8e9e-a3g2"},{"vulnerability":"VCID-thhq-w84y-zfed"},{"vulnerability":"VCID-tusy-b98v-bkc7"},{"vulnerability":"VCID-twa3-p1cf-a3f3"},{"vulnerability":"VCID-uage-dtey-h3fe"},{"vulnerability":"VCID-yp44-7y48-7fbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103787?format=json","purl":"pkg:deb/debian/libsoup3@3.6.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.6-1%3Fdistro=trixie"}],"aliases":["CVE-2025-4948"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gc7s-tz74-kyh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77388?format=json","vulnerability_id":"VCID-jmzh-ukc4-muf8","summary":"A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32908.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32908.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32908","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32218","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32262","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32225","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32195","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32294","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32908"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103265","reference_id":"1103265","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103265"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359343","reference_id":"2359343","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:12:19Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359343"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-32908","reference_id":"CVE-2025-32908","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:12:19Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-32908"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7505","reference_id":"RHSA-2025:7505","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:12:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:7505"},{"reference_url":"https://usn.ubuntu.com/7543-1/","reference_id":"USN-7543-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7543-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103802?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103789?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21t2-152w-bqet"},{"vulnerability":"VCID-429w-7cvy-hbaq"},{"vulnerability":"VCID-9q1u-ektk-v7br"},{"vulnerability":"VCID-bs7x-4z9p-pugz"},{"vulnerability":"VCID-kvjk-sm86-rud1"},{"vulnerability":"VCID-qqn1-vq5q-6ub3"},{"vulnerability":"VCID-qvbn-8e9e-a3g2"},{"vulnerability":"VCID-thhq-w84y-zfed"},{"vulnerability":"VCID-tusy-b98v-bkc7"},{"vulnerability":"VCID-twa3-p1cf-a3f3"},{"vulnerability":"VCID-uage-dtey-h3fe"},{"vulnerability":"VCID-yp44-7y48-7fbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103787?format=json","purl":"pkg:deb/debian/libsoup3@3.6.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.6-1%3Fdistro=trixie"}],"aliases":["CVE-2025-32908"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jmzh-ukc4-muf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77396?format=json","vulnerability_id":"VCID-sh9e-ynwr-gka8","summary":"A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4476.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4476.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4476","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54476","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54498","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54507","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54497","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4476"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105887","reference_id":"1105887","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105887"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107757","reference_id":"1107757","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107757"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2366513","reference_id":"2366513","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T15:04:45Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2366513"},{"reference_url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/440","reference_id":"440","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T15:04:45Z/"}],"url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/440"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-4476","reference_id":"CVE-2025-4476","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T15:04:45Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-4476"},{"reference_url":"https://usn.ubuntu.com/7543-1/","reference_id":"USN-7543-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7543-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103802?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103789?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21t2-152w-bqet"},{"vulnerability":"VCID-429w-7cvy-hbaq"},{"vulnerability":"VCID-9q1u-ektk-v7br"},{"vulnerability":"VCID-bs7x-4z9p-pugz"},{"vulnerability":"VCID-kvjk-sm86-rud1"},{"vulnerability":"VCID-qqn1-vq5q-6ub3"},{"vulnerability":"VCID-qvbn-8e9e-a3g2"},{"vulnerability":"VCID-thhq-w84y-zfed"},{"vulnerability":"VCID-tusy-b98v-bkc7"},{"vulnerability":"VCID-twa3-p1cf-a3f3"},{"vulnerability":"VCID-uage-dtey-h3fe"},{"vulnerability":"VCID-yp44-7y48-7fbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103787?format=json","purl":"pkg:deb/debian/libsoup3@3.6.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.6-1%3Fdistro=trixie"}],"aliases":["CVE-2025-4476"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sh9e-ynwr-gka8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77387?format=json","vulnerability_id":"VCID-vhaf-7udc-7ubq","summary":"A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32907.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32907.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32907","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44794","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44834","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44813","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44783","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44828","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32907"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103264","reference_id":"1103264","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103264"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103518","reference_id":"1103518","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103518"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359342","reference_id":"2359342","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:13:20Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359342"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb","reference_id":"cpe:/a:redhat:enterprise_linux:8::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-32907","reference_id":"CVE-2025-32907","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:13:20Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-32907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4439","reference_id":"RHSA-2025:4439","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:13:20Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4440","reference_id":"RHSA-2025:4440","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:13:20Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4508","reference_id":"RHSA-2025:4508","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:13:20Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7436","reference_id":"RHSA-2025:7436","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:13:20Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:7436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8128","reference_id":"RHSA-2025:8128","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:13:20Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8292","reference_id":"RHSA-2025:8292","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:13:20Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8292"},{"reference_url":"https://usn.ubuntu.com/7643-1/","reference_id":"USN-7643-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7643-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103802?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103789?format=json","purl":"pkg:deb/debian/libsoup3@3.6.5-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21t2-152w-bqet"},{"vulnerability":"VCID-429w-7cvy-hbaq"},{"vulnerability":"VCID-9q1u-ektk-v7br"},{"vulnerability":"VCID-bs7x-4z9p-pugz"},{"vulnerability":"VCID-kvjk-sm86-rud1"},{"vulnerability":"VCID-qqn1-vq5q-6ub3"},{"vulnerability":"VCID-qvbn-8e9e-a3g2"},{"vulnerability":"VCID-thhq-w84y-zfed"},{"vulnerability":"VCID-tusy-b98v-bkc7"},{"vulnerability":"VCID-twa3-p1cf-a3f3"},{"vulnerability":"VCID-uage-dtey-h3fe"},{"vulnerability":"VCID-yp44-7y48-7fbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103787?format=json","purl":"pkg:deb/debian/libsoup3@3.6.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.6-1%3Fdistro=trixie"}],"aliases":["CVE-2025-32907"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhaf-7udc-7ubq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsoup3@3.6.5-2%3Fdistro=trixie"}