Vulnerability - CVE-2025-32050

Name

CVE-2025-32050

Source

NVD ( link)Debian ( link)

Description

A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.

CWEs

CWE-127

Published Date

Apr 3, 2025

Updated Date

Jun 17, 2026

Workaround

Advisories

Analysis#

Affected Component

Analysis

Vulnerability Ratings#

5.9

CVSSv31

NaN

other

Others affected components#

Name

Project

Project Version

Version

Status

libsoup

buildroot

2025.02.x

2.74.3

Patched

libsoup

buildroot

master

2.74.3

Patched

libsoup3

openwrt

master

3.7.1-r2

Not Affected

libsoup3

openwrt

openwrt-25.12

3.6.5-r1

Not Affected

libsoup

yocto

master

3.6.6

Not Affected

libsoup

yocto

scarthgap

3.4.4

Patched

libsoup-2.4

yocto

scarthgap

2.74.3

Patched

Resolved with patches#

libsoup (buildroot:2025.02.x)

Title

Author

Resolve

Fix using int instead of size_t for strcspn return

Patrick Griffis <pgriffis@igalia.com>

CVE-2025-32050

libsoup (buildroot:master)

Title

Author

Resolve

Fix using int instead of size_t for strcspn return

Patrick Griffis <pgriffis@igalia.com>

CVE-2025-32050

libsoup (yocto:kirkstone)

Title

Author

Resolve

Fix using int instead of size_t for strcspn return

Patrick Griffis <pgriffis@igalia.com>

CVE-2025-32050

libsoup-2.4 (yocto:kirkstone)

Title

Author

Resolve

Fix using int instead of size_t for strcspn return

Patrick Griffis <pgriffis@igalia.com>

CVE-2025-32050

libsoup-2.4 (yocto:scarthgap)

Title

Author

Resolve

Fix using int instead of size_t for strcspn return

Patrick Griffis <pgriffis@igalia.com>

CVE-2025-32050