Use After Free in Gnome Libsoup
CVE-2025-12105
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an in…
Vulnerability class: Use-After-Free
EPSS: 0.001 (21.9th percentile).
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Gnome Libsoup — versions 0
- Red Hat Enterprise Linux 10 — versions 0:3.6.5-3.el10_1.7
- Red Hat Enterprise Linux 10.0 Extended Update Support — versions 0:3.6.5-3.el10_0.10
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
Weakness classification (CWE)
References
- RHSA-2025:23139 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2025:23437 (vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2025-12105 (vdb-entry, x_refsource_REDHAT)
- RHBZ#2405992 (issue-tracking, x_refsource_REDHAT)
- gitlab.gnome.org/GNOME/libsoup/-/merge_requests/481
Frequently asked questions
- What is CVE-2025-12105?
- CVE-2025-12105 is a high-severity vulnerability in Gnome Libsoup, classified under Use After Free. CVSS score: 7.5/10. Published 2025-10-23.
- How severe is CVE-2025-12105?
- High severity. CVSS v3 base score is 7.5 out of 10.