5.9 CVE-2025-9901
A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be incorrectly reused across different requests, potentially exposing sensitive user information. While the issue is unlikely to affect everyday desktop use, it could result in confidentiality breaches in proxy or multi-user environments.
https://nvd.nist.gov/vuln/detail/CVE-2025-9901
Categories
CWE-524 : Use of Cache Containing Sensitive Information
Applications may use caches to improve efficiency when communicating with remote entities or performing intensive calculations. A cache maintains a pool of objects, threads, connections, pages, financial data, passwords, or other resources to minimize the time it takes to initialize and access these resources. If the cache is accessible to unauthorized actors, attackers can read the cache and obtain this sensitive information.
References
AFFECTED (from MITRE)
| Vendor |
Product |
Versions |
| Red Hat |
Red Hat Enterprise Linux 10 |
|
| Red Hat |
Red Hat Enterprise Linux 6 |
|
| Red Hat |
Red Hat Enterprise Linux 7 |
|
| Red Hat |
Red Hat Enterprise Linux 8 |
|
| Red Hat |
Red Hat Enterprise Linux 9 |
|
| © 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. |
CPE
REMEDIATION
EXPLOITS
Exploit-db.com
| id |
description |
date |
|
| No known exploits |
POC Github
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
| id |
description |
severity |
| 204 |
Lifting Sensitive Data Embedded in Cache
An adversary examines a target application's cache, or a browser cache, for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information. [Identify Application Cache] An adversary first identifies an application that utilizes a cache. This could either be a web application storing data in a browser cache, or an application running on a separate machine. The adversary examines the cache to determine file permissions and possible encryption. [Attempt to Access Cache] Once the cache has been discovered, the adversary attempts to access the cached data. This often requires previous access to a machine hosting the target application. [Lift Sensitive Data from Cache] After gaining access to cached data, an adversary looks for potentially sensitive information and stores it for malicious use. This sensitive data could possibly be used in follow-up attacks related to authentication or authorization. |
Medium |
MITRE
Techniques
| id |
description |
| T1005 |
Data from Local System |
| © 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. |
Mitigations
| id |
description |
| M1057 |
Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted. |
| © 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation. |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
Discover this offer
