CVE Alert: CVE-2025-12105 – Red Hat – Red Hat Enterprise Linux 10
CVE-2025-12105
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.
AI Summary Analysis
Risk verdict
High risk: remote denial-of-service potential via crafted HTTP/2 sequences, with no user interaction required.
Why this matters
The flaw enables memory corruption in a widely used library, potentially crashing libsoup-based processes across Linux deployments. For organisations relying on Red Hat Enterprise Linux 10 with libsoup3, this can translate into sustained service disruption, degraded user experience, and outages of web-facing or desktop components that rely on HTTP/2.
Most likely attack path
An attacker with network reach to a vulnerable libsoup-based service, or a malicious server that a vulnerable libsoup-based client connects to, could trigger the double free with a crafted HTTP/2 read/cancel timing sequence, needing no privileges. The flaw is unlikely to enable data exfiltration or unauthorised access, but it can crash or stall the hosting application, causing denial of service. Preconditions: a vulnerable libsoup in a network-facing service or in a client that talks HTTP/2 to untrusted servers; remote exploitation with no user interaction.
Who is most exposed
Organisations running RHEL 10 with libsoup3 in network-facing services, or GNOME/WebKit-based desktops/app stacks on Linux, are most at risk. Exposure increases where HTTP/2 is widely used and services are internet-facing or serve critical workloads.
Detection ideas
- Spikes in crashes or segfaults of libsoup-based processes during HTTP/2 activity.
- Application or journal logs showing memory-corruption aborts from libsoup-based processes (for example glibc's "free(): double free detected" or "double free or corruption" messages), or AddressSanitizer reports in test builds.
- Sudden, correlated DoS-like resource usage (CPU/memory) on affected services after HTTP/2 traffic.
- Core dumps or backtraces indicating use-after-free in libsoup components.
- Bursts of HTTP/2 stream cancellations (RST_STREAM) interleaved with reads in network telemetry; HTTP/2 is normally TLS-encrypted on the wire, so this is only visible where TLS is terminated (a fronting proxy or the service itself).
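The crash-side signals above can be checked against the system journal with a small scanner. The following is an added example, not code from the advisory, from Red Hat or from libsoup: it reads journal-style lines and counts records that fit a libsoup double free. The glibc malloc abort strings and the kernel segfault / systemd-coredump line formats are real; the list of process names is an assumption about typical libsoup3 consumers, and the sample journal lines are constructed, not real logs.

```shell
#!/bin/sh
# Added example (not from the advisory or from libsoup): scan journal-style lines
# for crash records that fit a libsoup double free.
# Assumption: these process names link libsoup3 on the host; adjust from your own
# inventory (e.g. `lsof /usr/lib64/libsoup-3.0.so.0`).
SUSPECT_PROCS='epiphany|gnome-shell|gnome-software|evolution|WebKitNetworkProcess'

# Return 0 if a single journal line looks like a libsoup crash, 1 otherwise.
is_libsoup_crash_line() {
  case $1 in
    # Kernel fault attributed to the library itself: strong signal for any process.
    *"segfault at "*" in libsoup-3.0.so"*) return 0 ;;
    # glibc double-free abort or a coredump record: only count libsoup consumers.
    *"free(): double free detected"*|*"double free or corruption"*|*"dumped core"*)
      printf '%s\n' "$1" | grep -Eq "(^|[^A-Za-z0-9_])($SUSPECT_PROCS)([^A-Za-z0-9_]|$)" ;;
    *) return 1 ;;
  esac
}

# Count suspect lines on stdin; a sudden rise over the baseline is the alert.
count_libsoup_crashes() {
  n=0
  while IFS= read -r line; do
    if is_libsoup_crash_line "$line"; then n=$((n + 1)); fi
  done
  echo "$n"
}

# Constructed sample journal output (not real logs from any host):
SAMPLE_JOURNAL='Jan 01 12:00:01 host kernel: epiphany[4321]: segfault at 18 ip 00007f12345678ab sp 00007ffd1234abcd error 4 in libsoup-3.0.so.0[7f1234500000+80000]
Jan 01 12:00:01 host epiphany[4321]: free(): double free detected in tcache 2
Jan 01 12:00:02 host systemd-coredump[4400]: Process 4321 (epiphany) of user 1000 dumped core.
Jan 01 12:00:03 host sshd[777]: Accepted publickey for admin from 10.0.0.5 port 50000 ssh2
Jan 01 12:00:04 host systemd-coredump[4500]: Process 900 (vim) of user 1000 dumped core.'

# Offline demonstration; on a live host use, for example:
#   journalctl --since -1h -o short | count_libsoup_crashes
printf '%s\n' "$SAMPLE_JOURNAL" | count_libsoup_crashes   # prints 3
```

The segfault line counts regardless of process name because the kernel attributes the fault to libsoup itself; the glibc abort and coredump records only count for processes known to link libsoup3, which keeps unrelated crashes (the `vim` core dump in the sample) out of the tally. A single crash is not proof of exploitation; what matters is a rise over the host's normal crash rate that coincides with HTTP/2 traffic.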
Mitigation and prioritisation
- Apply vendor patch for libsoup (RHEL 10/libsoup3) across affected systems; verify patch status.
- If patching is delayed, reduce exposure: limit which networks can reach libsoup-based HTTP/2 services, rate-limit connections, and, where a TLS-terminating proxy sits in front of the service, add IDS/WAF rules for abnormal HTTP/2 cancellation patterns. For libsoup-based clients (GNOME and WebKit-based desktops and apps), restrict outbound HTTP/2 connections to untrusted servers where feasible.
- Validate fixes in a staging environment before broad rollout; update asset inventory and change-management records; prepare a rapid rollback plan.
- Treat as high-priority remediation given CVSS 7.5 and remote exploit potential. If KEV or EPSS data indicate higher exploitation likelihood, escalate accordingly.
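Verifying patch status on a RHEL 10 host is mostly a question of whether the installed libsoup3 build records the fix. The following is an added example, not code from the advisory or from Red Hat: it classifies a host as fixed, vulnerable or not-installed from the output of `rpm -q libsoup3` and `rpm -q --changelog libsoup3`, relying on the Red Hat practice of naming fixed CVE ids in the RPM changelog. The fixed package version is not stated on this page and is deliberately not hardcoded; the sample package name and changelog entries are constructed, not real package output.

```shell
#!/bin/sh
# Added example (not from the advisory or from Red Hat): check whether the
# installed libsoup3 package carries the fix for the CVE.
CVE_ID=CVE-2025-12105

# Return 0 if the changelog text on stdin mentions the CVE id, 1 otherwise.
changelog_mentions_cve() {
  grep -Fq -- "$1"
}

# Classify one host: prints "fixed", "vulnerable" or "not-installed".
#   $1: output of `rpm -q libsoup3`
#   $2: output of `rpm -q --changelog libsoup3`
classify_libsoup3() {
  case $1 in
    ''|*'not installed'*) echo not-installed; return 0 ;;
  esac
  if printf '%s\n' "$2" | changelog_mentions_cve "$CVE_ID"; then
    echo fixed
  else
    echo vulnerable
  fi
}

# Live use on a host (commented out so the example runs offline):
#   classify_libsoup3 "$(rpm -q libsoup3 2>/dev/null)" "$(rpm -q --changelog libsoup3 2>/dev/null)"
#   dnf updateinfo list --cve "$CVE_ID"   # lists the erratum if it is available and not yet applied

# Constructed sample data (hypothetical version string and changelog text):
SAMPLE_NVR='libsoup3-X.Y.Z-N.el10.x86_64'
SAMPLE_CHANGELOG_FIXED='* Mon Jan 01 2025 Example Maintainer <maint@example.com> - X.Y.Z-N
- Resolves: CVE-2025-12105 double free in HTTP/2 message queue handling'
SAMPLE_CHANGELOG_OLD='* Mon Jan 01 2025 Example Maintainer <maint@example.com> - X.Y.Z-N
- Rebuild'

classify_libsoup3 "$SAMPLE_NVR" "$SAMPLE_CHANGELOG_FIXED"   # prints fixed
classify_libsoup3 "$SAMPLE_NVR" "$SAMPLE_CHANGELOG_OLD"     # prints vulnerable
classify_libsoup3 'package libsoup3 is not installed' ''    # prints not-installed
```

The changelog check is a quick fleet-wide screen (it runs over SSH or in a configuration-management fact without network access to a repository); the authoritative answer is the erratum, so confirm with `dnf updateinfo list --cve CVE-2025-12105` on a representative host, and remember that a patched package only takes effect once the processes that loaded the old library have been restarted (`needs-restarting` from dnf-utils lists them).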