一、漏洞信息

漏洞编号：[CVE-2025-4969](https://nvd.nist.gov/vuln/detail/CVE-2025-4969)

漏洞归属组件：[libsoup3](https://gitee.com/src-openeuler/libsoup3)

漏洞归属的版本：3.0.6,3.2.2,3.4.4

CVSS V3.0分值：

BaseScore：N/A None

Vector：CVSS：3.0/

漏洞简述：

A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read).

漏洞公开时间：2025-05-21 14:16:28

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-4969

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| secalert.redhat.com | https://access.redhat.com/security/cve/CVE-2025-4969 | |

| secalert.redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2367552 | |

| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-4969 | https://bugzilla.suse.com/show_bug.cgi?id=1243423 |

| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2367552 | https://bugzilla.suse.com/show_bug.cgi?id=1243423 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2025-4969 |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-4969 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(3.4.4):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3:

4.openEuler-22.03-LTS-SP4:

5.openEuler-24.03-LTS(3.4.4):

6.openEuler-24.03-LTS-Next(3.4.4):

7.openEuler-24.03-LTS-SP1(3.4.4):

8.openEuler-24.03-LTS-SP2(3.4.4):

修复是否涉及abi变化(是/否)：

1.master(3.4.4):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3:

4.openEuler-22.03-LTS-SP4:

5.openEuler-24.03-LTS(3.4.4):

6.openEuler-24.03-LTS-Next(3.4.4):

7.openEuler-24.03-LTS-SP1(3.4.4):

8.openEuler-24.03-LTS-SP2(3.4.4):

原因说明：

1.master(3.4.4):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3:

4.openEuler-22.03-LTS-SP4:

5.openEuler-24.03-LTS(3.4.4):

6.openEuler-24.03-LTS-Next(3.4.4):

7.openEuler-24.03-LTS-SP1(3.4.4):

8.openEuler-24.03-LTS-SP2(3.4.4):

一、漏洞信息

漏洞编号：[CVE-2025-4969](https://nvd.nist.gov/vuln/detail/CVE-2025-4969)

漏洞归属组件：[libsoup3](https://gitee.com/src-openeuler/libsoup3)

漏洞归属的版本：3.0.6,3.2.2,3.4.4

CVSS V3.0分值：

漏洞简述：

A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read).

漏洞公开时间：2025-05-21 14:16:28

漏洞创建时间：2025-05-22 16:02:08

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-4969

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| secalert.redhat.com | https://access.redhat.com/security/cve/CVE-2025-4969 | |

| secalert.redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2367552 | |

| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-4969 | https://bugzilla.suse.com/show_bug.cgi?id=1243423 |

| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2367552 | https://bugzilla.suse.com/show_bug.cgi?id=1243423 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2025-4969 |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-4969 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(3.4.4):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3:

4.openEuler-22.03-LTS-SP4:

5.openEuler-24.03-LTS(3.4.4):

6.openEuler-24.03-LTS-Next(3.4.4):

7.openEuler-24.03-LTS-SP1(3.4.4):

8.openEuler-24.03-LTS-SP2(3.4.4):

修复是否涉及abi变化(是/否)：

1.master(3.4.4):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3:

4.openEuler-22.03-LTS-SP4:

5.openEuler-24.03-LTS(3.4.4):

6.openEuler-24.03-LTS-Next(3.4.4):

7.openEuler-24.03-LTS-SP1(3.4.4):

8.openEuler-24.03-LTS-SP2(3.4.4):

原因说明：

1.master(3.4.4):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3:

4.openEuler-22.03-LTS-SP4:

5.openEuler-24.03-LTS(3.4.4):

6.openEuler-24.03-LTS-Next(3.4.4):

7.openEuler-24.03-LTS-SP1(3.4.4):

8.openEuler-24.03-LTS-SP2(3.4.4):

一、漏洞信息

漏洞编号：[CVE-2025-4969](https://nvd.nist.gov/vuln/detail/CVE-2025-4969)

漏洞归属组件：[libsoup3](https://gitee.com/src-openeuler/libsoup3)

漏洞归属的版本：3.0.6,3.2.2,3.4.4

CVSS V3.0分值：

BaseScore：6.5 Medium

漏洞简述：

A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read).

漏洞公开时间：2025-05-21 14:16:28

漏洞创建时间：2025-05-22 16:02:08

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-4969

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| secalert.redhat.com | https://access.redhat.com/security/cve/CVE-2025-4969 | |

| secalert.redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2367552 | |

| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-4969 | https://bugzilla.suse.com/show_bug.cgi?id=1243423 |

| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2367552 | https://bugzilla.suse.com/show_bug.cgi?id=1243423 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2025-4969 |

| anolis | | https://anas.openanolis.cn/cves/detail/CVE-2025-4969 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(3.4.4):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3:

4.openEuler-22.03-LTS-SP4:

5.openEuler-24.03-LTS(3.4.4):

6.openEuler-24.03-LTS-Next(3.4.4):

7.openEuler-24.03-LTS-SP1(3.4.4):

8.openEuler-24.03-LTS-SP2(3.4.4):

修复是否涉及abi变化(是/否)：

1.master(3.4.4):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3:

4.openEuler-22.03-LTS-SP4:

5.openEuler-24.03-LTS(3.4.4):

6.openEuler-24.03-LTS-Next(3.4.4):

7.openEuler-24.03-LTS-SP1(3.4.4):

8.openEuler-24.03-LTS-SP2(3.4.4):

原因说明：

1.master(3.4.4):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3:

4.openEuler-22.03-LTS-SP4:

5.openEuler-24.03-LTS(3.4.4):

6.openEuler-24.03-LTS-Next(3.4.4):

7.openEuler-24.03-LTS-SP1(3.4.4):

8.openEuler-24.03-LTS-SP2(3.4.4):