Description

A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be incorrectly reused across different requests, potentially exposing sensitive user information. While the issue is unlikely to affect everyday desktop use, it could result in confidentiality breaches in proxy or multi-user environments.

INFO

Published Date :

2025-09-03T12:32:27.414Z

Last Modified :

2026-05-06T15:02:29.452Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-9901 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-9901.

URL Resource
https://access.redhat.com/security/cve/CVE-2025-9901 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2392790 cve-icon cve-icon
https://gitlab.gnome.org/GNOME/libsoup/-/issues/453 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-9901 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-9901 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact