Description

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.

INFO

Published Date :

2025-10-23T09:14:14.077Z

Last Modified :

2026-03-19T14:05:42.387Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-12105 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Enterprise Linux Eus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12105.

URL Resource
https://access.redhat.com/errata/RHSA-2025:23139 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23437 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-12105 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2405992 cve-icon cve-icon
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/481 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-12105 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-12105 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact