CVE-2025-8197
Libsoup Buffer Overflow Vulnerability
Description
Rejected reason: Maintainers have included reasons at https://gitlab.gnome.org/GNOME/libsoup/-/issues/465
INFO
Published Date: July 25, 2025, 8:15 p.m.
Last Modified: Aug. 14, 2025, 3:15 a.m.
Remotely Exploitable: No
Source: [email protected]
Solution
- Review the provided GitLab issue for details.
- Apply any recommended patches or configuration changes.
Public PoC/Exploit Available on GitHub
CVE-2025-8197 has 1 public PoC/exploit available on GitHub.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).
EPSS & VEDAS Score Aggregator for CVEs
cve vulnerability exploit epss vedas exploit-maturity
The following table lists the changes that have been made to the CVE-2025-8197 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
CVE Rejected by [email protected]
Aug. 14, 2025
CVE Modified by [email protected]
Aug. 14, 2025
- Changed Description. Old value: A global buffer overflow vulnerability was found in the soup_header_name_to_string function in Libsoup. The `soup_header_name_to_string` function does not validate the `name` parameter passed in, and directly accesses `soup_header_name_strings[name]`. The value of `name` is controllable, when `name` exceeds the index range of `soup_headr_name_string`, it will cause an out-of-bounds access. New value: Rejected reason: Maintainers have included reasons at https://gitlab.gnome.org/GNOME/libsoup/-/issues/465
- Removed CVSS V3.1: Red Hat, Inc.: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Removed CWE: Red Hat, Inc.: CWE-787
- Removed CPE Configuration: OR *cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*
- Removed Reference: Red Hat, Inc.: https://access.redhat.com/security/cve/CVE-2025-8197
- Removed Reference: Red Hat, Inc.: https://bugzilla.redhat.com/show_bug.cgi?id=2383525
- Removed Reference Type: Red Hat, Inc.: https://access.redhat.com/security/cve/CVE-2025-8197 Types: Third Party Advisory
- Removed Reference Type: Red Hat, Inc.: https://bugzilla.redhat.com/show_bug.cgi?id=2383525 Types: Third Party Advisory
Initial Analysis by [email protected]
Aug. 14, 2025
- Added CPE Configuration: OR *cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*
- Added Reference Type: Red Hat, Inc.: https://access.redhat.com/security/cve/CVE-2025-8197 Types: Third Party Advisory
- Added Reference Type: Red Hat, Inc.: https://bugzilla.redhat.com/show_bug.cgi?id=2383525 Types: Third Party Advisory
New CVE Received by [email protected]
Jul. 25, 2025
- Added Description: A global buffer overflow vulnerability was found in the soup_header_name_to_string function in Libsoup. The `soup_header_name_to_string` function does not validate the `name` parameter passed in, and directly accesses `soup_header_name_strings[name]`. The value of `name` is controllable, when `name` exceeds the index range of `soup_headr_name_string`, it will cause an out-of-bounds access.
- Added CVSS V3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Added CWE: CWE-787
- Added Reference: https://access.redhat.com/security/cve/CVE-2025-8197
- Added Reference: https://bugzilla.redhat.com/show_bug.cgi?id=2383525