Description
Upon investigtion upstream maintainers discovered this was not a real issue. See the references for more details. See: https://gitlab.gnome.org/GNOME/libsoup/-/issues/430#note_2494090.
Published: 2025-07-10
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-20997 Upon investigtion upstream maintainers discovered this was not a real issue. See the references for more details. See: https://gitlab.gnome.org/GNOME/libsoup/-/issues/430#note_2494090.
History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0006}

Tue, 15 Jul 2025 22:15:00 +0000

Type Values Removed Values Added
Title Libsoup: libsoup null pointer dereference libsoup: libsoup null pointer dereference
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 15 Jul 2025 21:30:00 +0000

Type Values Removed Values Added
References

Tue, 15 Jul 2025 21:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in libsoup. A NULL pointer dereference vulnerability occurs in libsoup's cookie parsing functionality. When processing a cookie without a domain parameter, the soup_cookie_jar_add_cookie() function will crash, resulting in a denial of service. Upon investigtion upstream maintainers discovered this was not a real issue. See the references for more details. See: https://gitlab.gnome.org/GNOME/libsoup/-/issues/430#note_2494090.
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0006}

Thu, 10 Jul 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 10 Jul 2025 14:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in libsoup. A NULL pointer dereference vulnerability occurs in libsoup's cookie parsing functionality. When processing a cookie without a domain parameter, the soup_cookie_jar_add_cookie() function will crash, resulting in a denial of service.
Title libsoup: libsoup null pointer dereference Libsoup: libsoup null pointer dereference
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References

Wed, 09 Jul 2025 00:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title libsoup: libsoup null pointer dereference
Weaknesses CWE-476
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Important

Subscriptions

No data.

cve-icon MITRE

Status: REJECTED

Assigner: redhat

Published:

Updated: 2025-07-15T21:05:43.581Z

Reserved: 2025-07-08T21:12:05.283Z

Link: CVE-2025-7370

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2025-07-10T15:15:30.637

Modified: 2025-07-15T21:15:34.773

Link: CVE-2025-7370

cve-icon Redhat

Severity : Important

Publid Date: 2025-07-08T00:00:00Z

Links: CVE-2025-7370 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses