HTTP Host Header Smuggling via libsoup's Duplicate Host Handling
CVE-2025-14523 Published on December 11, 2025
libsoup: duplicate Host header handling causes host-parsing discrepancy (first- vs last-value wins)
A flaw in libsoup's HTTP header handling accepts a request carrying more than one Host: header and hands the last occurrence to server-side processing. Common front proxies honor the first Host: header instead, so the two ends of the chain disagree about which virtual host a request is for: the proxy routes it to one backend, while the libsoup-based backend treats it as destined for another. When an attacker supplies duplicate Host headers, this discrepancy enables request-smuggling-style attacks, cache poisoning, or bypass of host-based access controls. HTTP/1.1 (RFC 7230 section 5.4) requires a server to reject a request with more than one Host field with 400 Bad Request rather than pick one, which is the behaviour the fix should restore.
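The mismatch is easiest to see with a small ordered header parser and three Host selection policies side by side. The following is an added example written for this page; it is not libsoup code and does not reproduce libsoup's parser. The routing table, hostnames and the two-Host request are constructed for the demo.

```python
"""First-wins vs last-wins Host selection, and the strict check that
RFC 7230 section 5.4 requires.

Added example for illustration only: it does not use libsoup's API and
does not reproduce libsoup's actual parser. Hostnames, backend names and
the sample request below are constructed for this demo.
"""
from typing import Optional


def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Split a raw HTTP/1.1 request head into an ordered (name, value) list.

    Field names are lower-cased because they are case-insensitive; order is
    preserved so that first-wins and last-wins policies can be compared.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:  # lines[0] is the request line
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip().lower().decode("ascii"),
                        value.strip().decode("latin-1")))
    return headers


def host_first_wins(headers) -> Optional[str]:
    """Policy of many front proxies: the first Host field is authoritative."""
    for name, value in headers:
        if name == "host":
            return value
    return None


def host_last_wins(headers) -> Optional[str]:
    """Policy described for unpatched libsoup: the last Host field wins."""
    host = None
    for name, value in headers:
        if name == "host":
            host = value
    return host


def host_strict(headers) -> str:
    """RFC 7230 section 5.4: exactly one Host field is required; anything
    else must be answered with 400 Bad Request instead of guessing."""
    hosts = [v for n, v in headers if n == "host"]
    if len(hosts) != 1:
        raise ValueError(
            f"400 Bad Request: expected exactly one Host header, got {len(hosts)}")
    return hosts[0]


# Constructed routing table for a hypothetical front proxy.
ROUTES = {
    "public.example.com": "backend-public",
    "admin.internal.example.com": "backend-admin",
}

# Constructed request carrying two Host fields (the attacker-controlled input).
SMUGGLED_REQUEST = (
    b"GET /status HTTP/1.1\r\n"
    b"Host: public.example.com\r\n"
    b"Host: admin.internal.example.com\r\n"
    b"Connection: close\r\n"
    b"\r\n"
)


def simulate(raw: bytes) -> dict:
    """Show how a first-wins proxy and a last-wins backend read the same request."""
    headers = parse_headers(raw)
    proxy_host = host_first_wins(headers)
    backend_host = host_last_wins(headers)
    return {
        "proxy_routes_to": ROUTES.get(proxy_host),
        "backend_believes_host": backend_host,
        "mismatch": proxy_host != backend_host,
    }


def strict_accepts(raw: bytes) -> bool:
    """True if the request survives the one-Host check; False means reject with 400."""
    try:
        host_strict(parse_headers(raw))
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(simulate(SMUGGLED_REQUEST))
    print("strict check accepts smuggled request:", strict_accepts(SMUGGLED_REQUEST))
```

Run as a script, `simulate` reports that the proxy forwards the request to `backend-public` while a last-wins backend believes it was addressed to `admin.internal.example.com`, which is exactly the vhost confusion the advisory describes. `host_strict` is the shape of the correct behaviour on either side of the chain: reject the ambiguous request up front, so a proxy that applies it never forwards such a request to a backend whose policy it cannot control.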
Vulnerability Analysis
CVE-2025-14523 is exploitable over the network, with low attack complexity, and requires neither privileges nor user interaction. Its assessed impact is low on confidentiality, high on integrity, and none on availability.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
What is a HTTP Request Smuggling Vulnerability?
When a malformed or abnormal HTTP request passes through several entities between the user and the web server, such as a proxy or firewall in front of the origin, those entities may parse it differently. An attacker can exploit the disagreement to "smuggle" a request past one device to another without the first device being aware of it.
CVE-2025-14523 has been classified as an HTTP Request Smuggling (CWE-444) weakness.
Products Associated with CVE-2025-14523
Affected Versions
- Red Hat Enterprise Linux 10: Version 0:3.6.5-3.el10_1.8 and below * is unaffected.
- Version 0:3.6.5-3.el10_0.11 and below * is unaffected.
- Version 0:2.62.2-10.el7_9 and below * is unaffected.
- Version 0:2.62.3-11.el8_10 and below * is unaffected.
- Version 0:8.10-6.el8_10.1 and below * is unaffected.
- Version 0:2.62.3-1.el8_2.7 and below * is unaffected.
- Version 0:8.10-6.el8_2.1 and below * is unaffected.
- Version 0:2.62.3-2.el8_4.7 and below * is unaffected.
- Version 0:8.10-6.el8_4.1 and below * is unaffected.
- Version 0:2.62.3-2.el8_6.7 and below * is unaffected.
- Version 0:8.10-6.el8_6.1 and below * is unaffected.
- Version 0:2.62.3-3.el8_8.7 and below * is unaffected.
- Version 0:8.10-6.el8_8.1 and below * is unaffected.
- Version 0:2.72.0-12.el9_7.3 and below * is unaffected.
- Version 0:2.72.0-8.el9_0.8 and below * is unaffected.
- Version 0:2.72.0-8.el9_2.8 and below * is unaffected.
- Version 0:2.72.0-8.el9_4.8 and below * is unaffected.
- Version 0:2.72.0-10.el9_6.5 and below * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.