CVE-2025-32911CRITICAL 9.0EPSS p51.7%

CVE-2025-32911CVE-2025-32911

Description

A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.

Scoring

CVSS 3.19.0 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS0.80% probability of exploitation · percentile 51.7% · 2026-06-18T12:00:27Z
Published2025-04-15
Last modified2026-04-15

Underlying weaknesses· 1

CWE-590

References

  1. https://access.redhat.com/errata/RHSA-2025:21657
  2. https://access.redhat.com/errata/RHSA-2025:4439
  3. https://access.redhat.com/errata/RHSA-2025:4440
  4. https://access.redhat.com/errata/RHSA-2025:4508
  5. https://access.redhat.com/errata/RHSA-2025:4538
  6. https://access.redhat.com/errata/RHSA-2025:4560
  7. https://access.redhat.com/errata/RHSA-2025:4568
  8. https://access.redhat.com/errata/RHSA-2025:4609

1

TypeTargetConfidenceTier
WeaknessFree of Memory not on the Heapcwe-5900%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-2436
CVE
CVE-2026-1761
CVE
CVE-2026-2369
CVE
CVE-2025-14523
CVE
CVE-2026-25210
CVE
CVE-2026-5119
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.