Key Information

Vulnerability Overview

CVE ID: CVE-2025-4948
Disclosure Date: May 19, 2025
CVSS v3 Base Score: 7.5
Impact: Important

Description

Vulnerability Type: Integer Underflow
Affected Function:
Library: libsoup HTTP library
Issue: When processing specially crafted multipart messages, internal calculations may malfunction, causing an integer underflow, which leads to invalid memory access and crashes.

Statement

Severity: High
Remote Exploitation: Can be triggered remotely without user interaction
Impact: Causes service crashes or crashes applications relying on libsoup for HTTP multipart message processing, ultimately resulting in Denial of Service (DoS)
Mitigation Recommendation: Avoid using untrusted sources of multipart HTTP messages until updated packages are available; deploy application-level filters or HTTP proxies to reject malicious multipart requests; apply vendor-provided patches as soon as possible.

Affected Packages and Red Hat Security Advisories

Affected Products:
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9

CVSS v3 Score Details

Attack Vector: Network
Attack Complexity: Low
Required Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Weakness Understanding (CWE)

CWE ID: CWE-191
Type: Integer Underflow (Wrap or Wraparound)
Technical Impact: DoS: Crash, Exit, or Reboot; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory); DoS: Instability
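
The bug class named in the Description (CWE-191 in length arithmetic while splitting a multipart body), shown next to its checked form. This is an added illustration, not libsoup's code and not taken from the advisory; the function names, the delimiter handling and the sample input are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DELIM "\r\n--"   /* bytes that precede a multipart boundary string */
#define DELIM_LEN 4

/* Hypothetical, unchecked: if the part is shorter than its closing
 * delimiter, the size_t subtraction wraps to a huge length (CWE-191). */
size_t body_len_unchecked(size_t part_len, size_t boundary_len)
{
    return part_len - (boundary_len + DELIM_LEN);
}

/* Checked form: 0 on success, -1 if the arithmetic would wrap. */
int body_len_checked(size_t part_len, size_t boundary_len, size_t *out)
{
    if (boundary_len > SIZE_MAX - DELIM_LEN) return -1; /* addition wraps */
    size_t trailer = boundary_len + DELIM_LEN;
    if (part_len < trailer) return -1;            /* subtraction underflows */
    *out = part_len - trailer;
    return 0;
}

/* Copy one part's body into dst; returns its length or -1 if malformed. */
long extract_body(const char *part, size_t part_len, const char *boundary,
                  char *dst, size_t dst_cap)
{
    size_t blen = strlen(boundary), body;
    if (body_len_checked(part_len, blen, &body) != 0)
        return -1;
    if (body >= dst_cap ||                        /* need room for the NUL */
        memcmp(part + body, DELIM, DELIM_LEN) != 0 ||
        memcmp(part + body + DELIM_LEN, boundary, blen) != 0)
        return -1;
    memcpy(dst, part, body);
    dst[body] = '\0';
    return (long)body;
}

int main(void)
{
    char out[32];                                 /* inputs below are constructed */
    printf("unchecked(2, 3) = %zu\n", body_len_unchecked(2, 3));
    printf("valid part -> %ld\n", extract_body("hello\r\n--XyZ", 12, "XyZ", out, sizeof out));
    printf("short part -> %ld\n", extract_body("-", 1, "XyZ", out, sizeof out));
    return 0;
}
```

The unchecked helper only returns the wrapped length and never dereferences it; in a real parser that value would feed a copy or index, which is where the invalid memory access comes from.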