{"api_version":"1","generated_at":"2026-06-26T19:42:57+00:00","cve":"CVE-2025-46421","urls":{"html":"https://cve.report/CVE-2025-46421","api":"https://cve.report/api/cve/CVE-2025-46421.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-46421","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-46421"},"summary":{"title":"Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server","description":"A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.","state":"PUBLISHED","assigner":"redhat","published_at":"2025-04-24 13:15:45","updated_at":"2026-06-25 05:16:43"},"problem_types":["CWE-497","CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:4439","name":"https://access.redhat.com/errata/RHSA-2025:4439","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361962","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2361962","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:4624","name":"https://access.redhat.com/errata/RHSA-2025:4624","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:4538","name":"https://access.redhat.com/errata/RHSA-2025:4538","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/439","name":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/439","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:4508","name":"https://access.redhat.com/errata/RHSA-2025:4508","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-46421","name":"https://access.redhat.com/security/cve/CVE-2025-46421","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:4609","name":"https://access.redhat.com/errata/RHSA-2025:4609","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:4440","name":"https://access.redhat.com/errata/RHSA-2025:4440","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:7505","name":"https://access.redhat.com/errata/RHSA-2025:7505","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:7436","name":"https://access.redhat.com/errata/RHSA-2025:7436","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:4560","name":"https://access.redhat.com/errata/RHSA-2025:4560","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:4568","name":"https://access.redhat.com/errata/RHSA-2025:4568","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-46421","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46421","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"unaffected 0:3.6.5-3.el10_0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"unaffected 0:2.62.3-8.el8_10 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"unaffected 0:2.62.3-8.el8_10 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","version":"unaffected 0:2.62.3-1.el8_2.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","version":"unaffected 0:2.62.3-2.el8_4.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Telecommunications Update Service","version":"unaffected 0:2.62.3-2.el8_4.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions","version":"unaffected 0:2.62.3-2.el8_4.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","version":"unaffected 0:2.62.3-2.el8_6.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","version":"unaffected 0:2.62.3-2.el8_6.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","version":"unaffected 0:2.62.3-2.el8_6.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","version":"unaffected 0:2.62.3-3.el8_8.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:2.72.0-10.el9_6.1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","version":"unaffected 0:2.72.0-8.el9_0.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","version":"unaffected 0:2.72.0-8.el9_2.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","version":"unaffected 0:2.72.0-8.el9_4.4 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat In-Vehicle Operating System 1","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-04-24T01:35:00.884Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-04-24T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Currently, no mitigation is available for this vulnerability.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"46421","cve":"CVE-2025-46421","epss":"0.004780000","percentile":"0.376350000","score_date":"2026-06-25","updated_at":"2026-06-26 00:06:14"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-46421","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-04-24T13:12:43.291380Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-07-29T13:32:41.957Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://gitlab.gnome.org/GNOME/libsoup","defaultStatus":"unaffected","packageName":"libsoup","versions":[{"lessThan":"3.6.5","status":"affected","version":"0","versionType":"semver"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10.0"],"defaultStatus":"affected","packageName":"libsoup3","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.6.5-3.el10_0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.62.3-8.el8_10","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.62.3-8.el8_10","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.2::appstream","cpe:/o:redhat:rhel_aus:8.2::baseos"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.62.3-1.el8_2.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_tus:8.4::baseos"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.62.3-2.el8_4.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_tus:8.4::baseos"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat Enterprise Linux 8.4 Telecommunications Update Service","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.62.3-2.el8_4.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_tus:8.4::baseos"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.62.3-2.el8_4.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.62.3-2.el8_6.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.62.3-2.el8_6.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.62.3-2.el8_6.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus:8.8::appstream","cpe:/o:redhat:rhel_eus:8.8::baseos"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.62.3-3.el8_8.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.72.0-10.el9_6.1","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.72.0-8.el9_0.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus:9.2::appstream"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.72.0-8.el9_2.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.72.0-8.el9_4.4","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unknown","packageName":"libsoup","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unknown","packageName":"libsoup","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhivos:1"],"defaultStatus":"affected","packageName":"libsoup","product":"Red Hat In-Vehicle Operating System 1","vendor":"Red Hat"}],"datePublic":"2025-04-24T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-497","description":"Exposure of Sensitive System Information to an Unauthorized Control Sphere","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-25T04:56:00.529Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2025:4439","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:4439"},{"name":"RHSA-2025:4440","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:4440"},{"name":"RHSA-2025:4508","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:4508"},{"name":"RHSA-2025:4538","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:4538"},{"name":"RHSA-2025:4560","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:4560"},{"name":"RHSA-2025:4568","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:4568"},{"name":"RHSA-2025:4609","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:4609"},{"name":"RHSA-2025:4624","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:4624"},{"name":"RHSA-2025:7436","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:7436"},{"name":"RHSA-2025:7505","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:7505"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-46421"},{"name":"RHBZ#2361962","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361962"},{"url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/439"}],"timeline":[{"lang":"en","time":"2025-04-24T01:35:00.884Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-04-24T00:00:00.000Z","value":"Made public."}],"title":"Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server","workarounds":[{"lang":"en","value":"Currently, no mitigation is available for this vulnerability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2025-46421","datePublished":"2025-04-24T13:01:24.589Z","dateReserved":"2025-04-24T01:37:42.413Z","dateUpdated":"2026-06-25T04:56:00.529Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-04-24 13:15:45","lastModifiedDate":"2026-06-25 05:16:43","problem_types":["CWE-497","CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-24T13:12:43.291380Z","id":"CVE-2025-46421","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"46421","Ordinal":"1","Title":"Libsoup: information disclosure may leads libsoup client sends a","CVE":"CVE-2025-46421","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"46421","Ordinal":"1","NoteData":"A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.","Type":"Description","Title":"Libsoup: information disclosure may leads libsoup client sends a"}]}}}