CVE-2025-9901

Name: CVE-2025-9901 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2025-9901

MEDIUM

CVSS v3.1: 5.9 · EPSS: 0.0043 (34.1 percentile)

NetworkNo privilegesNo user interaction

Source data as of: 2026-06-26 05:02:17 UTC

At a glance

Severity: MEDIUM
CVSS: 5.9 v3.1 · NVD
EPSS: 0.0043 (34.1 percentile) · FIRST.org
CISA KEV: No
Attack conditions (CVSS vector): NetworkNo privilegesNo user interaction · Source: NVD Vector
Published: 2025-09-03 · Modified: 2026-06-25
References: Jump to references (3)

CVSS / EPSS / KEV

CVSS v3.1 5.9 / 10 MEDIUM Source: NVD

EPSS 0.0043 34.1 percentile Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be incorrectly reused across different requests, potentially exposing sensitive user information. While the issue is unlikely to affect everyday desktop use, it could result in confidentiality breaches in proxy or multi-user environments.

Record details

CVE ID: CVE-2025-9901
CVSS (v3.1): 5.9 (MEDIUM)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability subscore: 2.2
Impact subscore: 3.6
EPSS: 0.0043 (34.1 percentile) — 2026-06-26
CISA KEV: No
Weakness (CWE): CWE-524
Affected configurations (CPE): 0
Published: 2025-09-03
Modified: 2026-06-25
Status: Deferred

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

← Back to all records

CVE-2025-9901

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same weakness type (CWE)

Published the same year