Vulnerability - CVE-2025-32912

Name

CVE-2025-32912

Source

NVD ( link)Debian ( link)

Description

A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash.

CWEs

CWE-476

Published Date

Apr 14, 2025

Updated Date

Jun 17, 2026

Workaround

Advisories

Analysis#

Affected Component

Analysis

Vulnerability Ratings#

6.5

CVSSv31

NaN

other

Others affected components#

Name

Project

Project Version

Version

Status

libsoup

buildroot

2025.02.x

2.74.3

Patched

libsoup

buildroot

master

2.74.3

Patched

libsoup3

openwrt

master

3.7.1-r2

Not Affected

libsoup3

openwrt

openwrt-25.12

3.6.5-r1

Not Affected

libsoup

yocto

master

3.6.6

Not Affected

libsoup

yocto

scarthgap

3.4.4

Patched

libsoup-2.4

yocto

scarthgap

2.74.3

Patched

Resolved with patches#

libsoup (buildroot:2025.02.x)

Title

Author

Resolve

auth-digest: Handle missing nonce

Changqing Li <changqing.li@windriver.com>

CVE-2025-32912

libsoup (buildroot:master)

Title

Author

Resolve

auth-digest: Handle missing nonce

Changqing Li <changqing.li@windriver.com>

CVE-2025-32912

libsoup (yocto:kirkstone)

Title

Author

Resolve

auth-digest: Handle missing nonce

Patrick Griffis <pgriffis@igalia.com>

CVE-2025-32912

digest-auth: Handle NULL nonce

Patrick Griffis <pgriffis@igalia.com>

CVE-2025-32912

libsoup-2.4 (yocto:kirkstone)

Title

Author

Resolve

auth-digest: Handle missing nonce

Patrick Griffis <pgriffis@igalia.com>

CVE-2025-32912

digest-auth: Handle NULL nonce

Patrick Griffis <pgriffis@igalia.com>

CVE-2025-32912

libsoup-2.4 (yocto:scarthgap)

Title

Author

Resolve

auth-digest: Handle missing nonce

Patrick Griffis <pgriffis@igalia.com>

CVE-2025-32912

digest-auth: Handle NULL nonce

Patrick Griffis <pgriffis@igalia.com>

CVE-2025-32912