CVE-2025-2784
HIGHDescription
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
Is your site exposed to CVE-2025-2784?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| gnome | libsoup |
| redhat | codeready_linux_builder |
| redhat | codeready_linux_builder_for_arm64 |
| redhat | codeready_linux_builder_for_arm64_eus |
| redhat | codeready_linux_builder_for_ibm_z_systems |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus |
| redhat | codeready_linux_builder_for_power_little_endian |
| redhat | codeready_linux_builder_for_power_little_endian_eus |
| redhat | enterprise_linux |
| redhat | enterprise_linux |
| redhat | enterprise_linux |
| redhat | enterprise_linux_eus |
| redhat | enterprise_linux_eus |
| redhat | enterprise_linux_eus |
| redhat | enterprise_linux_eus |
| redhat | enterprise_linux_eus |
| redhat | enterprise_linux_for_arm_64 |
| redhat | enterprise_linux_for_arm_64 |
| redhat | enterprise_linux_for_arm_64 |
| redhat | enterprise_linux_for_arm_64_eus |
| redhat | enterprise_linux_for_arm_64_eus |
| redhat | enterprise_linux_for_arm_64_eus |
| redhat | enterprise_linux_for_arm_64_eus |
| redhat | enterprise_linux_for_arm_64_eus |
| redhat | enterprise_linux_for_ibm_z_systems |
| redhat | enterprise_linux_for_ibm_z_systems |
| redhat | enterprise_linux_for_ibm_z_systems |
| redhat | enterprise_linux_for_ibm_z_systems_eus |
| redhat | enterprise_linux_for_ibm_z_systems_eus |
| redhat | enterprise_linux_for_ibm_z_systems_eus |
| redhat | enterprise_linux_for_ibm_z_systems_eus |
| redhat | enterprise_linux_for_ibm_z_systems_eus |
| redhat | enterprise_linux_for_power_little_endian |
| redhat | enterprise_linux_for_power_little_endian |
| redhat | enterprise_linux_for_power_little_endian |
| redhat | enterprise_linux_for_power_little_endian_eus |
| redhat | enterprise_linux_for_power_little_endian_eus |
| redhat | enterprise_linux_for_power_little_endian_eus |
| redhat | enterprise_linux_for_power_little_endian_eus |
| redhat | enterprise_linux_for_power_little_endian_eus |
| redhat | enterprise_linux_server |
| redhat | enterprise_linux_server_aus |
| redhat | enterprise_linux_server_aus |
| redhat | enterprise_linux_server_aus |
| redhat | enterprise_linux_server_aus |
| redhat | enterprise_linux_server_aus |
| redhat | enterprise_linux_server_aus |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions |
| redhat | enterprise_linux_server_tus |
| redhat | enterprise_linux_server_tus |
| redhat | enterprise_linux_update_services_for_sap_solutions |
| redhat | enterprise_linux_update_services_for_sap_solutions |
| redhat | enterprise_linux_update_services_for_sap_solutions |
| redhat | enterprise_linux_update_services_for_sap_solutions |
| redhat | enterprise_linux_update_services_for_sap_solutions |
References
Exploits
Other References
Frequently Asked Questions
What is CVE-2025-2784? +
How severe is CVE-2025-2784? +
What products are affected by CVE-2025-2784? +
How do I check if I'm vulnerable to CVE-2025-2784? +
Related Vulnerabilities
libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() …
Out-of-bounds read vulnerability in Citrix Citrix Secure Access Client for Windows. This issue affects Citrix Secure Access Client for Windows: …
An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system …
HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings …
XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings …
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec. The base64 decoder …