VDB
CVE-2025-4035
CVE-2025-4035
PUBLISHED
CVSS 4.300000190734863 MEDIUM
A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation.
EPSS 0.19% · 41.1th percentile
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score
0.19%
41.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 10 | 0:3.6.5-3.el10_0.6 |
| Red Hat | Red Hat Enterprise Linux 8 |
Exploit Intelligence
- RHSA-2025:8128 (circl)
- https://access.redhat.com/security/cve/CVE-2025-4035 (circl)
- RHBZ#2362651 (circl)
Timeline
- Apr 29, 2025 Coalition ESS Score
- Apr 29, 2025 CVE Published
- Apr 30, 2025 EPSS Score
- May 12, 2025 EPSS Score
- May 24, 2025 EPSS Score
- Jun 1, 2025 Coalition ESS Score
- Jun 5, 2025 EPSS Score
- Jun 17, 2025 EPSS Score
- Jun 28, 2025 EPSS Score
- Jul 10, 2025 EPSS Score
- Jul 22, 2025 EPSS Score
- Aug 3, 2025 EPSS Score
References
- RHSA-2025:8128 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-4035 vdb
- RHBZ#2362651 issue
- https://nvd.nist.gov/vuln/detail/CVE-2025-4035 advisory