2362651 – (CVE-2025-4035) CVE-2025-4035 libsoup: Cookie domain validation bypass via uppercase characters in libsoup

Bug 2362651 (CVE-2025-4035) - CVE-2025-4035 libsoup: Cookie domain validation bypass via uppercase characters in libsoup

Summary: CVE-2025-4035 libsoup: Cookie domain validation bypass via uppercase characte...

Keywords:
Status:	NEW
Alias:	CVE-2025-4035
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2362656 2362657 2362658 2362659 2362660 2362661 2362662 2362663 2362664
Blocks:
TreeView+	depends on / blocked

Reported:	2025-04-28 06:27 UTC by OSIDB Bzimport
Modified:	2025-04-29 12:24 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-04-28 06:27:56 UTC

When handling cookies, libsoup clients improperly validate domain names containing uppercase characters, allowing malicious websites to set cookies for public suffix domains and bypass expected isolation boundaries.

Note You need to log in before you can comment on or make changes to this bug.