CVE-2025-32907

low-risk

Published 2025-04-14

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.

Do I need to act?

0.99% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

References (8)

https://access.redhat.com/errata/RHSA-2025:4439

https://access.redhat.com/errata/RHSA-2025:4440

https://access.redhat.com/errata/RHSA-2025:4508

https://access.redhat.com/errata/RHSA-2025:7436

https://access.redhat.com/errata/RHSA-2025:8128

https://access.redhat.com/errata/RHSA-2025:8292

https://access.redhat.com/security/cve/CVE-2025-32907

https://bugzilla.redhat.com/show_bug.cgi?id=2359342

/ 100

low-risk

Severity 21/34 · High

Exploitability 3/34 · Minimal

Exposure 5/34 · Minimal