UBUNTU-CVE-2025-9901
- Source
- https://ubuntu.com/security/CVE-2025-9901
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-9901.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-9901
- Upstream
- Published
- 2025-09-03T13:15:00Z
- Modified
- 2026-05-20T16:24:05.636216672Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be incorrectly reused across different requests, potentially exposing sensitive user information. While the issue is unlikely to affect everyday desktop use, it could result in confidentiality breaches in proxy or multi-user environments.
- References
Affected packages
Ubuntu:22.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.72.0-3ubuntu3
2.74.1-1
2.74.2-2
2.74.2-3
2.74.2-3ubuntu0.1
2.74.2-3ubuntu0.2
2.74.2-3ubuntu0.3
2.74.2-3ubuntu0.4
2.74.2-3ubuntu0.5
2.74.2-3ubuntu0.6
Ecosystem specific
{
"priority_reason": "Upstream has deemed this to be a low priority issue",
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup-gnome2.4-1",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-1",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.2-3ubuntu0.6"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.2-3ubuntu0.6"
}
]
}Ubuntu:24.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.74.3-1
2.74.3-2
2.74.3-3
2.74.3-6
2.74.3-6build1
2.74.3-6ubuntu1
2.74.3-6ubuntu1.1
2.74.3-6ubuntu1.2
2.74.3-6ubuntu1.3
2.74.3-6ubuntu1.4
2.74.3-6ubuntu1.5
2.74.3-6ubuntu1.6
Ecosystem specific
{
"priority_reason": "Upstream has deemed this to be a low priority issue",
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup-2.4-1",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup-gnome-2.4-1",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.3-6ubuntu1.6"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.3-6ubuntu1.6"
}
]
}libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.4.2-4
3.4.4-1
3.4.4-2
3.4.4-4
3.4.4-5
3.4.4-5build1
3.4.4-5build2
3.4.4-5ubuntu0.1
3.4.4-5ubuntu0.2
3.4.4-5ubuntu0.3
3.4.4-5ubuntu0.4
3.4.4-5ubuntu0.5
3.4.4-5ubuntu0.6
3.4.4-5ubuntu0.7
Ecosystem specific
{
"priority_reason": "Upstream has deemed this to be a low priority issue",
"binaries": [
{
"binary_name": "gir1.2-soup-3.0",
"binary_version": "3.4.4-5ubuntu0.7"
},
{
"binary_name": "libsoup-3.0-0",
"binary_version": "3.4.4-5ubuntu0.7"
},
{
"binary_name": "libsoup-3.0-common",
"binary_version": "3.4.4-5ubuntu0.7"
},
{
"binary_name": "libsoup-3.0-tests",
"binary_version": "3.4.4-5ubuntu0.7"
}
]
}Ubuntu:25.10
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.74.3-10
2.74.3-10.1
2.74.3-10.1ubuntu1
2.74.3-10.1ubuntu2
2.74.3-10.1ubuntu3
2.74.3-10.1ubuntu4
Ecosystem specific
{
"priority_reason": "Upstream has deemed this to be a low priority issue",
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.3-10.1ubuntu4"
},
{
"binary_name": "libsoup-2.4-1",
"binary_version": "2.74.3-10.1ubuntu4"
},
{
"binary_name": "libsoup-gnome-2.4-1",
"binary_version": "2.74.3-10.1ubuntu4"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.3-10.1ubuntu4"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.3-10.1ubuntu4"
}
]
}libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"priority_reason": "Upstream has deemed this to be a low priority issue",
"binaries": [
{
"binary_name": "gir1.2-soup-3.0",
"binary_version": "3.6.5-4ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-0",
"binary_version": "3.6.5-4ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-common",
"binary_version": "3.6.5-4ubuntu0.2"
},
{
"binary_name": "libsoup-3.0-tests",
"binary_version": "3.6.5-4ubuntu0.2"
}
]
}Ubuntu:26.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"priority_reason": "Upstream has deemed this to be a low priority issue",
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.74.3-10.1ubuntu5"
},
{
"binary_name": "libsoup-2.4-1",
"binary_version": "2.74.3-10.1ubuntu5"
},
{
"binary_name": "libsoup-gnome-2.4-1",
"binary_version": "2.74.3-10.1ubuntu5"
},
{
"binary_name": "libsoup2.4-common",
"binary_version": "2.74.3-10.1ubuntu5"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.74.3-10.1ubuntu5"
}
]
}libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"priority_reason": "Upstream has deemed this to be a low priority issue",
"binaries": [
{
"binary_name": "gir1.2-soup-3.0",
"binary_version": "3.6.6-1"
},
{
"binary_name": "libsoup-3.0-0",
"binary_version": "3.6.6-1"
},
{
"binary_name": "libsoup-3.0-common",
"binary_version": "3.6.6-1"
},
{
"binary_name": "libsoup-3.0-tests",
"binary_version": "3.6.6-1"
}
]
}Ubuntu:Pro:16.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=esm-infra%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.50.0-2debian1
2.52.1-1
2.52.2-1
2.52.2-1ubuntu0.1
2.52.2-1ubuntu0.2
2.52.2-1ubuntu0.3
2.52.2-1ubuntu0.3+esm1
2.52.2-1ubuntu0.3+esm2
2.52.2-1ubuntu0.3+esm3
2.52.2-1ubuntu0.3+esm4
2.52.2-1ubuntu0.3+esm5
Ecosystem specific
{
"priority_reason": "Upstream has deemed this to be a low priority issue",
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
},
{
"binary_name": "libsoup-gnome2.4-1",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
},
{
"binary_name": "libsoup2.4-1",
"binary_version": "2.52.2-1ubuntu0.3+esm5"
}
]
}Ubuntu:Pro:18.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=esm-infra%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.60.1-1
2.60.2-1
2.60.2-2
2.60.3-1
2.61.90-1
2.62.0-1
2.62.1-1
2.62.1-1ubuntu0.1
2.62.1-1ubuntu0.3
2.62.1-1ubuntu0.4
2.62.1-1ubuntu0.4+esm1
2.62.1-1ubuntu0.4+esm2
2.62.1-1ubuntu0.4+esm3
2.62.1-1ubuntu0.4+esm4
2.62.1-1ubuntu0.4+esm5
2.62.1-1ubuntu0.4+esm6
Ecosystem specific
{
"priority_reason": "Upstream has deemed this to be a low priority issue",
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.62.1-1ubuntu0.4+esm6"
},
{
"binary_name": "libsoup-gnome2.4-1",
"binary_version": "2.62.1-1ubuntu0.4+esm6"
},
{
"binary_name": "libsoup2.4-1",
"binary_version": "2.62.1-1ubuntu0.4+esm6"
}
]
}Ubuntu:Pro:20.04:LTS
libsoup2.4
Package
- Name
- libsoup2.4
- Purl
- pkg:deb/ubuntu/libsoup2.4?arch=source&distro=esm-infra%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.68.2-0ubuntu1
2.68.2-1
2.68.2-2
2.68.2-2build2
2.69.90-1
2.70.0-1
2.70.0-1ubuntu0.1
2.70.0-1ubuntu0.2
2.70.0-1ubuntu0.3
2.70.0-1ubuntu0.4
2.70.0-1ubuntu0.5
2.70.0-1ubuntu0.5+esm1
Ecosystem specific
{
"priority_reason": "Upstream has deemed this to be a low priority issue",
"binaries": [
{
"binary_name": "gir1.2-soup-2.4",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup-gnome2.4-1",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup2.4-1",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
},
{
"binary_name": "libsoup2.4-tests",
"binary_version": "2.70.0-1ubuntu0.5+esm1"
}
]
}Ubuntu:Pro:22.04:LTS
libsoup3
Package
- Name
- libsoup3
- Purl
- pkg:deb/ubuntu/libsoup3?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.0.4-2
3.0.4-3
3.0.5-1
3.0.7-0ubuntu1
3.0.7-0ubuntu1+esm1
3.0.7-0ubuntu1+esm2
3.0.7-0ubuntu1+esm3
3.0.7-0ubuntu1+esm4
3.0.7-0ubuntu1+esm5
3.0.7-0ubuntu1+esm6
3.0.7-0ubuntu1+esm7
Ecosystem specific
{
"priority_reason": "Upstream has deemed this to be a low priority issue",
"binaries": [
{
"binary_name": "gir1.2-soup-3.0",
"binary_version": "3.0.7-0ubuntu1+esm7"
},
{
"binary_name": "libsoup-3.0-0",
"binary_version": "3.0.7-0ubuntu1+esm7"
},
{
"binary_name": "libsoup-3.0-common",
"binary_version": "3.0.7-0ubuntu1+esm7"
},
{
"binary_name": "libsoup-3.0-tests",
"binary_version": "3.0.7-0ubuntu1+esm7"
}
]
}