CVE Alert: CVE-2025-11021 – Red Hat – Red Hat Enterprise Linux 10
CVE-2025-11021
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
AI Summary Analysis
Risk verdict
High risk: the flaw is network-exploitable with no user interaction and patching is pending, so prioritise remediation.
Why this matters
An out-of-bounds read in the cookie date logic could disclose memory contents from affected processes, potentially exposing sensitive data. With remote access and no privileges required, the attacker surface is broad across systems running libraries that rely on libsoup, including servers and desktop applications.
Most likely attack path
An attacker can trigger the vulnerability by sending crafted HTTP cookie data to a Libsoup-enabled service, given AV:N, AC:L, PR:N, UI:N. No user interaction is needed and the scope remains unchanged, so the attacker could reveal memory from the targeted process without needing lateral movement, limiting impact to disclosed information rather than full control.
Who is most exposed
Red Hat Enterprise Linux deployments that use libsoup (6–9 and 7–10 era packages) across servers and workstation desktops running GNOME or web-enabled applications; environments with publicly exposed, web-facing components built on libsoup are most at risk.
Detection ideas
- Unexplained memory read errors or crash dumps in libsoup-using processes.
- Sudden spikes in memory usage or unusual process termination tied to HTTP cookie processing.
- Logs referencing CVE-2025-11021 or related libsoup entries, especially after network activity involving cookies.
- Anomalous network traffic patterns targeting services known to include libsoup.
Mitigation and prioritisation
- Apply vendor patches for libsoup/libsoup3 in Red Hat; verify patch levels in all affected RHEL releases.
- If patching is slow, implement network isolation for affected services, enforce strict cookie handling controls, and monitor for memory-disclosure indicators.
- Inventory affected hosts and schedule an emergency patch window; test in staging before broad deployment.
- Enable memory and crash reporting, and tighten access controls on applications that surface cookies.
- Given CVSS 7.5 and network access, prioritise patching as a high-priority task; monitor for any active exploitation indicators in threat intelligence feeds.