CVE-2025-4035
DEB
Medium


CVSS: 4.3 (Medium)
EPSS: 0.01 (p80)
Published: 2025-01-01
Updated: 2025-01-01
Description

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation.

Tags · CWE
Pre-auth
CWE-178
Affected products
Libsoup2.4 (9 entries), Libsoup3 (8 entries)
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Timeline
2025-01-01: Published
2025-01-01: Updated
CVSS 3.1 breakdown
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality Impact (C): None (N)
Integrity Impact (I): Low (L)
Availability Impact (A): None (N)
Exploit indicators
EPSS: 0.013 · p80
Known exploited (KEV): No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected software
Product | Vendor | Status
libsoup2.4 | | Tracked
libsoup2.4 | | Tracked
libsoup2.4 | | Tracked
libsoup2.4 | | Tracked
libsoup2.4 | | Tracked
libsoup2.4 | | Tracked
libsoup2.4 | | Tracked
libsoup2.4 | | Tracked
libsoup2.4 | | Tracked
libsoup3 | | Tracked
libsoup3 | | Tracked
libsoup3 | | Tracked
libsoup3 | | Tracked
libsoup3 | | Tracked
libsoup3 | | Tracked
libsoup3 | | Tracked
libsoup3 | | Tracked
Source databases: DEB, UBU