CVE-2025-14523
BaseFortify
Publication date: 2025-12-11
Last updated on: 2026-03-19
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnome | libsoup | 3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-444 | The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests for multiple Host headers in the same request. You can capture and inspect HTTP traffic using tools like tcpdump or Wireshark to identify requests containing duplicate Host headers. For example, using tcpdump: tcpdump -A -s 0 'tcp port 80 or tcp port 443' | grep -i 'Host:'. Then manually check if multiple Host headers appear in a single request. Additionally, custom scripts or intrusion detection systems (IDS) rules can be created to alert on duplicate Host headers in HTTP requests. [1]
Can you explain this vulnerability to me?
This vulnerability is a flaw in libsoup's HTTP header handling that allows multiple Host headers in a single request. The server processes the last Host header, while common front proxies use the first one. This mismatch can cause confusion about which virtual host the request is intended for, enabling attacks like request smuggling, cache poisoning, or bypassing host-based access controls by supplying duplicate Host headers.
How can this vulnerability impact me? :
The vulnerability can lead to security issues such as request smuggling attacks, cache poisoning, and bypassing host-based access controls. This means an attacker could manipulate requests to access unauthorized backend services, poison caches to serve malicious content, or circumvent restrictions based on host headers, potentially compromising the integrity and security of your web services.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating libsoup to a version where this vulnerability is fixed, if available. As a temporary workaround, configure front-end proxies or web application firewalls (WAFs) to reject or normalize HTTP requests containing multiple Host headers to prevent host header confusion. Also, review and tighten host-based access control lists (ACLs) and caching policies to reduce the risk of bypass or cache poisoning due to this issue. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.