Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61665.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-61665
Upstream
Published
2025-04-29T13:15:45Z
Modified
2026-04-01T05:19:42.608643Z
Summary
CVE-2025-4035 affecting package libsoup 3.0.4-12
Details

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation.

References

Affected packages

Azure Linux:2 / libsoup

Package

Name
libsoup
Purl
pkg:rpm/azure-linux/libsoup

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
3.0.4-12

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61665.json"