Home
HIGH: 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NDefault status
unknown
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Description
A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.
Product status
Timeline
| 2025-12-03: | Reported to Red Hat. |
| 2025-12-03: | Made public. |
Credits
Red Hat would like to thank Janet Black for reporting this issue.
References
access.redhat.com/security/cve/CVE-2025-13947
bugzilla.redhat.com/show_bug.cgi?id=2418576 (RHBZ#2418576)
