{
  "threat_severity" : "Important",
  "public_date" : "2025-12-11T00:00:00Z",
  "bugzilla" : {
    "description" : "libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)",
    "id" : "2421349",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2421349"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.2",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-444",
  "details" : [ "A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.", "A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers." ],
  "statement" : "This vulnerability is rated Important for Red Hat products that utilize libsoup in environments where applications are exposed via a front proxy. The flaw arises from a discrepancy in how libsoup processes duplicate Host: headers (last-value wins) compared to many proxies (first-value wins). This mismatch can lead to virtual-host confusion, enabling attackers to bypass host-based access controls or perform cache poisoning. Systems where libsoup applications are directly accessible without an intervening proxy are not affected by this specific issue.",
  "acknowledgement" : "Red Hat would like to thank Ky0toFu and Sovereign Tech Resilience program for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-01-12T00:00:00Z",
    "advisory" : "RHSA-2026:0423",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "libsoup3-0:3.6.5-3.el10_1.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-01-20T00:00:00Z",
    "advisory" : "RHSA-2026:0836",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "libsoup3-0:3.6.5-3.el10_0.11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0925",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "libsoup-0:2.62.2-10.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-01-12T00:00:00Z",
    "advisory" : "RHSA-2026:0421",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libsoup-0:2.62.3-11.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1509",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "spice-client-win-0:8.10-6.el8_10.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-01-12T00:00:00Z",
    "advisory" : "RHSA-2026:0421",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "libsoup-0:2.62.3-11.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0911",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.2",
    "package" : "libsoup-0:2.62.3-1.el8_2.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2026-01-29T00:00:00Z",
    "advisory" : "RHSA-2026:1571",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.2",
    "package" : "spice-client-win-0:8.10-6.el8_2.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0909",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "libsoup-0:2.62.3-2.el8_4.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2026-01-29T00:00:00Z",
    "advisory" : "RHSA-2026:1572",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "spice-client-win-0:8.10-6.el8_4.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0909",
    "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4",
    "package" : "libsoup-0:2.62.3-2.el8_4.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-01-29T00:00:00Z",
    "advisory" : "RHSA-2026:1572",
    "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4",
    "package" : "spice-client-win-0:8.10-6.el8_4.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0905",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.6",
    "package" : "libsoup-0:2.62.3-2.el8_6.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2026-01-29T00:00:00Z",
    "advisory" : "RHSA-2026:1570",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.6",
    "package" : "spice-client-win-0:8.10-6.el8_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0905",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.6",
    "package" : "libsoup-0:2.62.3-2.el8_6.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2026-01-29T00:00:00Z",
    "advisory" : "RHSA-2026:1570",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.6",
    "package" : "spice-client-win-0:8.10-6.el8_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0905",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.6",
    "package" : "libsoup-0:2.62.3-2.el8_6.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2026-01-29T00:00:00Z",
    "advisory" : "RHSA-2026:1570",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.6",
    "package" : "spice-client-win-0:8.10-6.el8_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-01-20T00:00:00Z",
    "advisory" : "RHSA-2026:0867",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.8",
    "package" : "libsoup-0:2.62.3-3.el8_8.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-01-29T00:00:00Z",
    "advisory" : "RHSA-2026:1569",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.8",
    "package" : "spice-client-win-0:8.10-6.el8_8.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-01-20T00:00:00Z",
    "advisory" : "RHSA-2026:0867",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.8",
    "package" : "libsoup-0:2.62.3-3.el8_8.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-01-29T00:00:00Z",
    "advisory" : "RHSA-2026:1569",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.8",
    "package" : "spice-client-win-0:8.10-6.el8_8.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-12T00:00:00Z",
    "advisory" : "RHSA-2026:0422",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "libsoup-0:2.72.0-12.el9_7.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0906",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "libsoup-0:2.72.0-8.el9_0.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-01-20T00:00:00Z",
    "advisory" : "RHSA-2026:0868",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "libsoup-0:2.72.0-8.el9_2.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0908",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "libsoup-0:2.72.0-8.el9_4.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0907",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "libsoup-0:2.72.0-10.el9_6.5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "libsoup",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-14523\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-14523\nhttps://gitlab.gnome.org/GNOME/libsoup/-/issues/472" ],
  "name" : "CVE-2025-14523",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}