CVE-2025-14523

DOCUMENTATION: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers. 

            STATEMENT: This vulnerability is rated Important for Red Hat products that utilize libsoup in environments where applications are exposed via a front proxy. The flaw arises from a discrepancy in how libsoup processes duplicate Host: headers (last-value wins) compared to many proxies (first-value wins). This mismatch can lead to virtual-host confusion, enabling attackers to bypass host-based access controls or perform cache poisoning. Systems where libsoup applications are directly accessible without an intervening proxy are not affected by this specific issue.

            MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.