Vulnerability Description
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
CVSS Score
LOW
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2025:19713
- https://access.redhat.com/errata/RHSA-2025:19714
- https://access.redhat.com/errata/RHSA-2025:19720
- https://access.redhat.com/errata/RHSA-2025:20959
- https://access.redhat.com/errata/RHSA-2025:21032
- https://access.redhat.com/errata/RHSA-2025:21655
- https://access.redhat.com/errata/RHSA-2025:21656
- https://access.redhat.com/errata/RHSA-2025:21657
- https://access.redhat.com/errata/RHSA-2025:21664
- https://access.redhat.com/errata/RHSA-2025:21665
- https://access.redhat.com/errata/RHSA-2025:21666
- https://access.redhat.com/errata/RHSA-2025:21772
- https://access.redhat.com/errata/RHSA-2025:22013
- https://access.redhat.com/security/cve/CVE-2025-4945
- https://bugzilla.redhat.com/show_bug.cgi?id=2367175
FAQ
What is CVE-2025-4945?
CVE-2025-4945 is a vulnerability with a CVSS score of 3.7 (LOW). A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where ...
How severe is CVE-2025-4945?
CVE-2025-4945 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-4945?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.