CVE-2025-4945

low

Description

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.

References

Advisories
More

https://access.redhat.com/errata/RHSA-2025:22013

https://access.redhat.com/errata/RHSA-2025:21772

https://access.redhat.com/errata/RHSA-2025:21666

https://access.redhat.com/errata/RHSA-2025:21665

https://access.redhat.com/errata/RHSA-2025:21664

https://access.redhat.com/errata/RHSA-2025:21657

https://access.redhat.com/errata/RHSA-2025:21656

https://access.redhat.com/errata/RHSA-2025:21655

https://access.redhat.com/errata/RHSA-2025:21032

https://access.redhat.com/errata/RHSA-2025:20959

https://access.redhat.com/errata/RHSA-2025:19720

https://access.redhat.com/errata/RHSA-2025:19714

https://access.redhat.com/errata/RHSA-2025:19713

https://bugzilla.redhat.com/show_bug.cgi?id=2367175

https://access.redhat.com/security/cve/CVE-2025-4945

Details

Source: Mitre, NVD

Published: 2025-05-19

Updated: 2025-11-25

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 3.7

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Low

EPSS

EPSS: 0.00029