cbcvebase.
CVE-2025-14523
published 2025-12-11

CVE-2025-14523: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front…

high8.2CVSS 3.1
AVNACLPRNUINSUCLIHAN
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.

Affected

9 ranges
VendorProductVersion rangeFixed in
debianlibsoup2.4< libsoup3 3.6.5-7 (forky)libsoup3 3.6.5-7 (forky)
debianlibsoup3< libsoup3 3.6.5-7 (forky)libsoup3 3.6.5-7 (forky)
msrcazl3_libsoup_3.4.4-10_on_azure_linux_3.0
msrcazl3_libsoup_3.4.4-11_on_azure_linux_3.0
msrcazl3_libsoup_3.4.4-12_on_azure_linux_3.0
msrcazl3_libsoup_3.4.4-14_on_azure_linux_3.0
msrccbl2_libsoup_3.0.4-10_on_cbl_mariner_2.0
msrccbl2_libsoup_3.0.4-12_on_cbl_mariner_2.0
msrccbl2_libsoup_3.0.4-13_on_cbl_mariner_2.0

CVSS provenance

nvdv3.18.2HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
osv8.2HIGH