Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

SUSE: Critical Proxy Cache Poisoning Vulnerability CVE-2025-10148

suse
Calendar Grey September 11, 2025
Dist Suse Esm H88
Two critical vulnerabilities in cURL have been identified that impact SUSE Linux Enterprise, potentially exposing systems to significant security threats. Immediate updates are highly advised.
* bsc#1249191 * bsc#1249348 Cross-References: * CVE-2025-10148

Summary

## This update for curl fixes the following issues: * CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). * CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-3173=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3173=1 ## Package List:

References

* bsc#1249191

* bsc#1249348

Cross-

* CVE-2025-10148

* CVE-2025-9086

CVSS scores:

* CVE-2025-9086 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server 12 SP5 LTSS

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security

* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

##

* https://www.suse.com/security/cve/CVE-2025-10148.html

* https://www.suse.com/security/cve/CVE-2025-9086.html

* https://bugzilla.suse.com/show_bug.cgi?id=1249191

* https://bugzilla.suse.com/show_bug.cgi?id=1249348

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:03173-1
Release Date: 2025-09-11T12:55:04Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here