UBUNTU-CVE-2025-4035

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-4035

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-4035.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-4035

Related

CVE-2025-4035

Published

2025-04-29T13:15:00Z

Modified

2025-05-28T17:48:14Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation.

References

Affected packages

Ubuntu:Pro:16.04:LTS / libsoup2.4

Package

Name: libsoup2.4
Purl: pkg:deb/ubuntu/libsoup2.4@2.52.2-1ubuntu0.3+esm3?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.50.0-2debian1

2.52.1-1

2.52.2-1

2.52.2-1ubuntu0.1

2.52.2-1ubuntu0.2

2.52.2-1ubuntu0.3

2.52.2-1ubuntu0.3+esm1

2.52.2-1ubuntu0.3+esm2

2.52.2-1ubuntu0.3+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / libsoup2.4

Package

Name: libsoup2.4
Purl: pkg:deb/ubuntu/libsoup2.4@2.62.1-1ubuntu0.4+esm4?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.60.1-1

2.60.2-1

2.60.2-2

2.60.3-1

2.61.90-1

2.62.0-1

2.62.1-1

2.62.1-1ubuntu0.1

2.62.1-1ubuntu0.3

2.62.1-1ubuntu0.4

2.62.1-1ubuntu0.4+esm1

2.62.1-1ubuntu0.4+esm2

2.62.1-1ubuntu0.4+esm3

2.62.1-1ubuntu0.4+esm4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / libsoup2.4

Package

Name: libsoup2.4
Purl: pkg:deb/ubuntu/libsoup2.4@2.70.0-1ubuntu0.5?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.68.2-0ubuntu1

2.68.2-1

2.68.2-2

2.68.2-2build2

2.69.90-1

2.70.0-1

2.70.0-1ubuntu0.1

2.70.0-1ubuntu0.2

2.70.0-1ubuntu0.3

2.70.0-1ubuntu0.4

2.70.0-1ubuntu0.5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / libsoup2.4

Package

Name: libsoup2.4
Purl: pkg:deb/ubuntu/libsoup2.4@2.74.2-3ubuntu0.5?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.72.0-3ubuntu3

2.74.1-1

2.74.2-2

2.74.2-3

2.74.2-3ubuntu0.1

2.74.2-3ubuntu0.2

2.74.2-3ubuntu0.3

2.74.2-3ubuntu0.4

2.74.2-3ubuntu0.5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / libsoup3

Package

Name: libsoup3
Purl: pkg:deb/ubuntu/libsoup3@3.0.7-0ubuntu1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.4-2

3.0.4-3

3.0.5-1

3.0.7-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / libsoup2.4

Package

Name: libsoup2.4
Purl: pkg:deb/ubuntu/libsoup2.4@2.74.3-7ubuntu0.5?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.74.3-6ubuntu1

2.74.3-7

2.74.3-7ubuntu0.1

2.74.3-7ubuntu0.2

2.74.3-7ubuntu0.3

2.74.3-7ubuntu0.4

2.74.3-7ubuntu0.5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / libsoup3

Package

Name: libsoup3
Purl: pkg:deb/ubuntu/libsoup3@3.6.0-2ubuntu0.4?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.4.4-5build2

3.5.2-1

3.6.0-1

3.6.0-2

3.6.0-2ubuntu0.1

3.6.0-2ubuntu0.2

3.6.0-2ubuntu0.3

3.6.0-2ubuntu0.4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / libsoup2.4

Package

Name: libsoup2.4
Purl: pkg:deb/ubuntu/libsoup2.4@2.74.3-6ubuntu1.5?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.74.3-1

2.74.3-2

2.74.3-3

2.74.3-6

2.74.3-6build1

2.74.3-6ubuntu1

2.74.3-6ubuntu1.1

2.74.3-6ubuntu1.2

2.74.3-6ubuntu1.3

2.74.3-6ubuntu1.4

2.74.3-6ubuntu1.5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / libsoup3

Package

Name: libsoup3
Purl: pkg:deb/ubuntu/libsoup3@3.4.4-5ubuntu0.4?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.4.2-4

3.4.4-1

3.4.4-2

3.4.4-4

3.4.4-5

3.4.4-5build1

3.4.4-5build2

3.4.4-5ubuntu0.1

3.4.4-5ubuntu0.2

3.4.4-5ubuntu0.3

3.4.4-5ubuntu0.4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / libsoup2.4

Package

Name: libsoup2.4
Purl: pkg:deb/ubuntu/libsoup2.4@2.74.3-10ubuntu0.3?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.74.3-7

2.74.3-8

2.74.3-8ubuntu1

2.74.3-8.1

2.74.3-9

2.74.3-10

2.74.3-10ubuntu0.1

2.74.3-10ubuntu0.2

2.74.3-10ubuntu0.3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / libsoup3

Package

Name: libsoup3
Purl: pkg:deb/ubuntu/libsoup3@3.6.5-1ubuntu0.1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.0-2

3.6.0-3

3.6.0-4

3.6.1-1

3.6.4-1

3.6.4-2

3.6.4-3

3.6.5-1

3.6.5-1ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}