CVE-2025-32909: Libsoup: null pointer dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c
A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.
Security readout for executives and security teams
Plain-English summary
CVE-2025-32909 is a denial-of-service flaw in libsoup. A malicious or problematic HTTP server may crash a libsoup-based client through a NULL pointer dereference in MP4 content sniffing. The cited impact is availability only, not data theft or code execution.
Executive priority
Address in normal patch cycles, faster for internet-facing or automated clients that consume untrusted HTTP content. This is not presented as code execution or data compromise, but it can disrupt affected client workflows.
Technical view
SoupContentSniffer in libsoup may hit a NULL pointer dereference in sniff_mp4. CVSS 3.1 is 5.3: network reachable, low complexity, no privileges, no user interaction, unchanged scope, and low availability impact only. CWE-476 is cited.
Likely exposure
Exposure is most likely in applications or packaged components that use libsoup as an HTTP client. Red Hat marks RHEL 9 libsoup affected, RHEL 10 libsoup3 unaffected, RHEL 6 and 7 unknown, and lists affected RHEL 8 package entries for mingw-freetype and spice-client-win.
Exploitation context
The sources describe a remote HTTP server causing a libsoup client crash. KEV is false, and the provided sources do not state active exploitation or public weaponization. Treat this as service reliability risk where clients process untrusted HTTP responses.
Researcher notes
Evidence is limited to advisory-level impact. The affected product data is distro-specific and somewhat indirect for RHEL 8 entries, so validate package lineage before scoping. Do not assume exploit activity because KEV is false and no cited source reports exploitation.
Mitigation direction
Apply vendor updates referenced by Red Hat RHSA-2025:8292 where applicable.
Check Debian LTS guidance if Debian LTS systems include libsoup.
Prioritize clients that fetch untrusted web content or media metadata.
Track GNOME libsoup issue 431 for upstream status and guidance.
Where no fix is identified, follow distributor guidance and monitor advisories.
Validation and detection
Inventory systems and applications using libsoup or distro packages named by advisories.
Map installed versions to Red Hat, Debian, and upstream advisory status.
Confirm RHEL 9 libsoup systems receive the relevant vendor update.
Review crash telemetry for libsoup clients processing HTTP or MP4 responses.
Document RHEL 6 and 7 exposure as unknown until vendor status is confirmed.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-476: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-476 · source CWE mapping
NULL Pointer Dereference
NULL Pointer Dereference represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.