What is CVE-2025-9901?

CVE-2025-9901 is a medium-severity vulnerability in Red Hat Enterprise Linux 10, classified under Use of Cache Containing Sensitive Information. CVSS score: 5.9/10. Published 2025-09-03.

How severe is CVE-2025-9901?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Is CVE-2025-9901 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Red Hat Enterprise Linux 10

CVE-2025-9901

A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authenti…

EPSS: 0.000 (15.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

CWE-524 — Use of Cache Containing Sensitive Information

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

secalert@redhat.com (x_refsource_REDHAT, vdb-entry)
RHBZ#2392790 (x_refsource_REDHAT, issue-tracking)
secalert@redhat.com

Frequently asked questions

What is CVE-2025-9901?: CVE-2025-9901 is a medium-severity vulnerability in Red Hat Enterprise Linux 10, classified under Use of Cache Containing Sensitive Information. CVSS score: 5.9/10. Published 2025-09-03.
How severe is CVE-2025-9901?: Medium severity. CVSS v3 base score is 5.9 out of 10.
Is CVE-2025-9901 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.