CVE-2025-46421

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-46421

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-46421.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-46421

Downstream

DEBIAN-CVE-2025-46421

OESA-2025-1485

RHSA-2025:4439

RHSA-2025:4440

RHSA-2025:4508

RHSA-2025:4538

RHSA-2025:4560

RHSA-2025:4568

RHSA-2025:4609

RHSA-2025:4624

RHSA-2025:7436

RHSA-2025:7505

RLSA-2025:4560

SUSE-SU-2025:01503-1

SUSE-SU-2025:01504-1

SUSE-SU-2025:1503-1

SUSE-SU-2025:1504-1

SUSE-SU-2025:1509-1

SUSE-SU-2025:1510-1

SUSE-SU-2025:1518-1

SUSE-SU-2025:1519-1

SUSE-SU-2025:20375-1

SUSE-SU-2025:20446-1

UBUNTU-CVE-2025-46421

USN-7490-1

USN-7490-3

openSUSE-SU-2025:15044-1

Related

Published

2025-04-24T13:15:45.703Z

Modified

2026-03-13T08:00:02.635323Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-46421.json"