AZL-67061

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67061.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-67061

Upstream

CVE-2025-9901

Published

2025-09-03T13:15:50Z

Modified

2026-04-21T04:38:03.694377Z

Summary

CVE-2025-9901 affecting package libsoup 3.0.4-12

Details

A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be incorrectly reused across different requests, potentially exposing sensitive user information. While the issue is unlikely to affect everyday desktop use, it could result in confidentiality breaches in proxy or multi-user environments.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-9901

Affected packages

Azure Linux:2 / libsoup

Package

Name: libsoup
Purl: pkg:rpm/azure-linux/libsoup

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.0.4-12

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67061.json"