← Zuruck zu CVEs
CVE-2025-46421
MEDIUM6.8
Beschreibung
A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.
CVE Details
CVSS v3.1 Bewertung6.8
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht4/24/2025
Zuletzt geandert7/28/2025
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-497
Referenzen
https://access.redhat.com/errata/RHSA-2025:4439(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4440(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4508(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4538(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4560(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4568(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4609(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4624(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:7436(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:7505(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2025-46421(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2361962(secalert@redhat.com)
https://gitlab.gnome.org/GNOME/libsoup/-/issues/439(secalert@redhat.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.