CVE-2025-9901
BaseFortify
Publication date: 2025-09-03
Last updated on: 2026-05-06
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnome | libsoup | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-524 | The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in libsoup's caching mechanism called SoupCache, where the HTTP Vary header is ignored when validating cached responses. The Vary header ensures that responses vary based on request headers like language or authentication. Because libsoup does not properly check this header, cached content can be reused incorrectly across different requests, potentially exposing sensitive or user-specific information to unintended recipients. [1]
How can this vulnerability impact me? :
The vulnerability can lead to confidentiality breaches by serving sensitive or user-specific cached content to the wrong users. While it is unlikely to affect everyday desktop use, it poses a risk in proxy or multi-user environments where cached responses might be shared across different users, potentially exposing private information. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring HTTP traffic for improper caching behavior related to the Vary header. Since libsoup's SoupCache ignores the Vary header, you can inspect HTTP responses served from caches to see if responses vary correctly based on request headers like language or authentication. Using network traffic analysis tools such as tcpdump or Wireshark, capture HTTP traffic and verify if cached responses are served without considering the Vary header. For example, you can use commands like 'tcpdump -i <interface> -A port 80' to capture HTTP traffic and then analyze if responses differ appropriately for requests with different headers. Additionally, reviewing logs or debugging output from applications using libsoup with SoupCache enabled may help identify improper cache hits. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or avoiding the use of SoupCache in libsoup if possible, especially in proxy or multi-user environments where sensitive data exposure risk is higher. Applying any available patches or updates from your Linux distribution or libsoup maintainers that address this issue is recommended. Additionally, consider configuring your environment to bypass caching for sensitive requests or to enforce proper cache validation based on the Vary header until a fix is applied. [1]