CVE-2025-2784

Name: CVE-2025-2784
Creator: NVD / NIST
Published: 2025-04-03T03:15:18.113+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 0.67%

Last modified Jun 25, 2026

CVE-2025-2784 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. EPSS estimates a 0.67% chance of exploitation in the next 30 days.

Description

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS Probability

0.67%

47.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-125

Affected Software

Vendor	Product	Versions
Gnome	Libsoup	< 3.6.5
Redhat	Codeready Linux Builder	10.0
Redhat	Codeready Linux Builder For Arm64	10.0_aarch64
Redhat	Codeready Linux Builder For Arm64 Eus	10.0_aarch64
Redhat	Codeready Linux Builder For Ibm Z Systems	10.0_s390x
Redhat	Codeready Linux Builder For Ibm Z Systems Eus	10.0_s390x
Redhat	Codeready Linux Builder For Power Little Endian	10.0_ppc64le
Redhat	Codeready Linux Builder For Power Little Endian Eus	10.0_ppc64le
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux	9.0
Redhat	Enterprise Linux	10.0
Redhat	Enterprise Linux Eus	8.8
Redhat	Enterprise Linux Eus	9.2
Redhat	Enterprise Linux Eus	9.4
Redhat	Enterprise Linux Eus	9.6
Redhat	Enterprise Linux Eus	10.0
Redhat	Enterprise Linux For Arm 64	8.0_aarch64
Redhat	Enterprise Linux For Arm 64	9.0_aarch64
Redhat	Enterprise Linux For Arm 64	10.0_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	8.8_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	9.2_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	9.4_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	9.6_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	10.0_aarch64
Redhat	Enterprise Linux For Ibm Z Systems	8.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems	9.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems	10.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	8.8_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	9.2_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	9.4_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	9.6_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	10.0_s390x
Redhat	Enterprise Linux For Power Little Endian	8.0_ppc64le
Redhat	Enterprise Linux For Power Little Endian	9.0_ppc64le
Redhat	Enterprise Linux For Power Little Endian	10.0_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	8.8_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	9.2_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	9.4_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	9.6_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	10.0_ppc64le
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	8.2
Redhat	Enterprise Linux Server Aus	8.4
Redhat	Enterprise Linux Server Aus	8.6
Redhat	Enterprise Linux Server Aus	9.2
Redhat	Enterprise Linux Server Aus	9.4
Redhat	Enterprise Linux Server Aus	9.6
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.6_ppc64le
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	9.0_ppc64le
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	9.6_ppc64le

Showing 50 of 57 affected configurations. See NVD for the full list.

References

https://access.redhat.com/errata/RHSA-2025:21657
https://access.redhat.com/errata/RHSA-2025:7505Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8126Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8132Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8139Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8140Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8252Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8480Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8481Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8482Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:8663Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:9179Third Party Advisory
https://access.redhat.com/security/cve/CVE-2025-2784Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2354669Third Party Advisory
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422Exploit, Issue Tracking
https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html
https://gitlab.gnome.org/GNOME/libsoup/-/issues/422Exploit, Issue Tracking

Timeline

Published: Apr 3, 2025
Last Modified: Jun 25, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2025-2784?

How severe is CVE-2025-2784?

CVE-2025-2784 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.67% probability of exploitation in the next 30 days.

How do I fix CVE-2025-2784?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-2784?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST