Description

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.

INFO

Published Date :

2025-12-11T12:30:59.266Z

Last Modified :

2026-03-19T14:35:08.581Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-14523 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Enterprise Linux Eus
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Eus Long Life
  • Rhel Tus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-14523.

URL Resource
https://access.redhat.com/errata/RHSA-2026:0421 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0422 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0423 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0836 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0867 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0868 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0905 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0906 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0907 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0908 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0909 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0911 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0925 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1509 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1569 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1570 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1571 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:1572 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-14523 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2421349 cve-icon cve-icon
https://gitlab.gnome.org/GNOME/libsoup/-/issues/472 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-14523 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-14523 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact