← Back to CVEs
CVE-2025-46421
MEDIUM6.8
Description
A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.
CVE Details
CVSS v3.1 Score6.8
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionREQUIRED
Published4/24/2025
Last Modified7/28/2025
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-497
References
https://access.redhat.com/errata/RHSA-2025:4439(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4440(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4508(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4538(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4560(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4568(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4609(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4624(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:7436(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:7505(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2025-46421(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2361962(secalert@redhat.com)
https://gitlab.gnome.org/GNOME/libsoup/-/issues/439(secalert@redhat.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.