2373305 – (CVE-2025-4673) CVE-2025-4673 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

Bug 2373305 (CVE-2025-4673) - CVE-2025-4673 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

Summary: CVE-2025-4673 net/http: Sensitive headers not cleared on cross-origin redirec...

Keywords:
Status:	NEW
Alias:	CVE-2025-4673
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2374280 2374705 2374278
Blocks:
TreeView+	depends on / blocked

Reported:	2025-06-18 06:35 UTC by OSIDB Bzimport
Modified:	2025-10-20 10:30 UTC (History)
CC List:	121 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:10672	None	None	None	2025-07-09 00:50:39 UTC
Red Hat Product Errata	RHSA-2025:10676	None	None	None	2025-07-09 00:52:20 UTC
Red Hat Product Errata	RHSA-2025:10677	None	None	None	2025-07-09 00:52:46 UTC
Red Hat Product Errata	RHSA-2025:15406	None	None	None	2025-09-08 01:23:15 UTC
Red Hat Product Errata	RHSA-2025:15887	None	None	None	2025-09-16 00:55:46 UTC
Red Hat Product Errata	RHSA-2025:16432	None	None	None	2025-09-23 08:24:31 UTC

Description OSIDB Bzimport 2025-06-18 06:35:20 UTC

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

Comment 5 errata-xmlrpc 2025-07-09 00:50:32 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:10672 https://access.redhat.com/errata/RHSA-2025:10672

Comment 6 errata-xmlrpc 2025-07-09 00:52:12 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:10676 https://access.redhat.com/errata/RHSA-2025:10676

Comment 7 errata-xmlrpc 2025-07-09 00:52:37 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:10677 https://access.redhat.com/errata/RHSA-2025:10677

Comment 10 errata-xmlrpc 2025-09-08 01:23:06 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:15406 https://access.redhat.com/errata/RHSA-2025:15406

Comment 11 errata-xmlrpc 2025-09-16 00:55:37 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:15887 https://access.redhat.com/errata/RHSA-2025:15887

Comment 12 errata-xmlrpc 2025-09-23 08:24:22 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:16432 https://access.redhat.com/errata/RHSA-2025:16432

Note You need to log in before you can comment on or make changes to this bug.

aazores
abrianik
akostadi
alcohan
amasferr
amctagga
anjoseph
ansmith
anthomas
aoconnor
bbrownin
bdettelb
bniver
cbartlet
cmah
crizzo
davidn
dhanak
dmayorov
doconnor
drosa
dsimansk
dymurray
eaguilar
ebaron
eglynn
ehelms
fdeutsch
flucifre
ggainey
ggrzybek
gmeno
gparvin
gryan
gzaronik
haoli
hkataria
ibolton
jaharrin
jajackso
jburrell
jcammara
jcantril
jeder
jjoyce
jkoehler
jlledo
jmatthew
jmitchel
jmontleo
jneedle
jolong
jprabhak
jschluet
juwatts
jwendell
kegrant
kingland
koliveir
kshier
kverlaen
lchilton
lhh
lphiri
lsvaty
mabashia
manissin
matzew
mbenjamin
mbocek
mburns
mgarciac
mhackett
mhulan
mmakovy
mnovotny
mrunge
njean
nmoumoul
oramraz
osousa
owatkins
pahickey
parichar
pbraun
pcreech
peholase
periklis
pgaikwad
pgrist
pjindal
rcernich
rchan
rhaigner
rjohnson
rojacob
sakbas
sausingh
sdawley
sfeifer
shvarugh
simaishi
slucidi
smallamp
smcdonal
smullick
sostapov
sseago
stcannon
stirabos
tasato
teagle
tfister
thason
thavo
tjochec
vereddy
vimartin
whayutin
wtam
yguenane