CVE-2025-7370 in libsoup

Summary

by MITRE • 07/10/2025

A flaw was found in libsoup. A NULL pointer dereference vulnerability occurs in libsoup's cookie parsing functionality. When processing a cookie without a domain parameter, the soup_cookie_jar_add_cookie() function will crash, resulting in a denial of service.


Analysis

by VulDB Data Team • 06/06/2026

The vulnerability resides within libsoup, a widely used HTTP client library that serves as a fundamental component in numerous applications and systems relying on web communications. This NULL pointer dereference flaw specifically manifests in the cookie parsing mechanism, where the soup_cookie_jar_add_cookie() function fails to properly handle cookies lacking domain parameters. The issue represents a classic denial of service vulnerability that can be exploited by malicious actors to disrupt service availability. The flaw demonstrates characteristics consistent with CWE-476, which describes NULL pointer dereference conditions that can lead to application crashes and system instability. When an application processes a cookie without a domain attribute, the parsing logic attempts to dereference a null pointer, causing the application to terminate unexpectedly and resulting in service disruption.

The technical exploitation of this vulnerability requires crafting a malformed cookie that lacks the domain parameter, which then gets processed through the soup_cookie_jar_add_cookie() function. This function is responsible for managing cookie storage within the HTTP client library and becomes unstable when encountering such malformed input. The operational impact extends beyond simple application crashes, as many systems depend on libsoup for critical web interactions including authentication flows, session management, and API communications. When exploited, this vulnerability can cause cascading failures in applications that rely on the library, potentially affecting user authentication, data access, and overall system availability. The vulnerability aligns with ATT&CK technique T1499.004, which covers network denial of service attacks through application or service failures.

The widespread adoption of libsoup across various software ecosystems means that exploitation can affect numerous applications including web browsers, desktop applications, and server-side components. Many applications that implement HTTP client functionality through libsoup may be vulnerable to this specific NULL pointer dereference condition. Security practitioners should consider this vulnerability as part of broader application security assessments, particularly in environments where user-supplied HTTP cookies are processed. The impact severity increases when considering that this vulnerability can be triggered through normal web browsing activities, making it particularly dangerous in user-facing applications. Organizations utilizing libsoup in their software stacks should prioritize patching and mitigation strategies to prevent exploitation.

Mitigation strategies should include immediate patching of affected libsoup versions, implementation of input validation for cookie processing, and deployment of application-level protections against malformed HTTP cookies. Network-based protections such as web application firewalls can help detect and block exploitation attempts by filtering out malformed cookie data. Additionally, application developers should implement robust error handling mechanisms that can gracefully handle malformed cookie data without crashing the application. Security monitoring should include detection of unusual application termination patterns and service disruptions that may indicate exploitation of this vulnerability. The remediation approach should also consider implementing proper cookie validation routines and ensuring that all cookie processing functions include adequate null pointer checks before dereferencing pointers. Organizations should also review their software supply chain for other components that may be affected by similar vulnerabilities in related libraries.
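The null pointer check recommended above, as an added example that is not libsoup's code or the upstream fix: a simplified cookie jar model in C whose add routine validates the cookie and its domain before dereferencing either. All type and function names (cookie_t, jar_t, jar_add_cookie_checked) are hypothetical and the sample cookies are constructed.

```c
/* Simplified model of a cookie jar. All types and functions here are
 * hypothetical; this is not libsoup's API or source. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define JAR_CAP 16
#define DOMAIN_MAX 254
typedef struct {
    const char *name, *value;
    const char *domain;               /* NULL when no domain was supplied */
} cookie_t;

typedef struct {
    char keys[JAR_CAP][DOMAIN_MAX];   /* lower-cased domain per stored cookie */
    cookie_t items[JAR_CAP];
    size_t count;
} jar_t;
typedef enum { JAR_OK, JAR_EINVAL, JAR_ENODOMAIN, JAR_EFULL } jar_status;

/* Check every pointer before it is dereferenced. An unguarded version would
 * call strlen(c->domain) directly and crash when the domain is NULL. */
jar_status jar_add_cookie_checked(jar_t *jar, const cookie_t *c)
{
    if (jar == NULL || c == NULL || c->name == NULL || c->value == NULL)
        return JAR_EINVAL;
    if (c->domain == NULL || c->domain[0] == '\0')
        return JAR_ENODOMAIN;         /* reject the cookie instead of crashing */
    size_t len = strlen(c->domain);
    if (len >= DOMAIN_MAX)
        return JAR_EINVAL;
    if (jar->count >= JAR_CAP)
        return JAR_EFULL;
    char *key = jar->keys[jar->count];
    for (size_t i = 0; i <= len; i++) /* i == len copies the terminator */
        key[i] = (char)tolower((unsigned char)c->domain[i]);
    jar->items[jar->count++] = *c;
    return JAR_OK;
}

int main(void)
{
    static jar_t jar;                                /* zero-initialised */
    cookie_t ok  = { "sid", "abc", "Example.COM" };  /* constructed sample */
    cookie_t bad = { "sid", "abc", NULL };           /* constructed sample */
    printf("with domain: %d, without: %d\n",
           jar_add_cookie_checked(&jar, &ok), jar_add_cookie_checked(&jar, &bad));
    return 0;
}
```

Returning a distinct status for the missing domain lets the caller log and drop the cookie, which also gives monitoring a signal other than a process crash.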

Reservation: 07/08/2025

Disclosure: 07/10/2025

Moderation: revoked

CPE: ready

EPSS: 0.00000

KEV: no

Activities: very low
