CVE-2025-13947 | THREATINT

Description

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.

PUBLISHED Reserved 2025-12-03 | Published 2025-12-03 | Updated 2026-04-20 | Assigner redhat

HIGH: 7.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Product status

Default status

unaffected

Any version before 2.50.3

affected

Default status

affected

0:2.50.3-2.el7_9 (rpm) before *

unaffected

Default status

affected

0:2.50.3-1.el8_10 (rpm) before *

unaffected

Default status

affected

0:2.50.3-2.el8_2 (rpm) before *

unaffected

Default status

affected

0:2.50.3-2.el8_4 (rpm) before *

unaffected

Default status

affected

0:2.50.3-2.el8_4 (rpm) before *

unaffected

Default status

affected

0:2.50.3-2.el8_6 (rpm) before *

unaffected

Default status

affected

0:2.50.3-2.el8_6 (rpm) before *

unaffected

Default status

affected

0:2.50.3-2.el8_6 (rpm) before *

unaffected

Default status

affected

0:2.50.3-2.el8_8 (rpm) before *

unaffected

Default status

affected

0:2.50.3-2.el8_8 (rpm) before *

unaffected

Default status

affected

0:2.50.3-1.el9_7 (rpm) before *

unaffected

Default status

affected

0:2.50.3-1.el9_0 (rpm) before *

unaffected

Default status

affected

0:2.50.3-1.el9_2 (rpm) before *

unaffected

Default status

affected

0:2.50.3-1.el9_4 (rpm) before *

unaffected

Default status

affected

0:2.50.3-1.el9_6 (rpm) before *

unaffected

Default status

unknown

Default status

affected

Timeline

2025-12-03:	Reported to Red Hat.
2025-12-03:	Made public.

Credits

Red Hat would like to thank Janet Black for reporting this issue.

References

access.redhat.com/errata/RHSA-2025:22789 (RHSA-2025:22789) vendor-advisory

access.redhat.com/errata/RHSA-2025:22790 (RHSA-2025:22790) vendor-advisory

access.redhat.com/errata/RHSA-2025:23110 (RHSA-2025:23110) vendor-advisory

access.redhat.com/errata/RHSA-2025:23433 (RHSA-2025:23433) vendor-advisory

access.redhat.com/errata/RHSA-2025:23434 (RHSA-2025:23434) vendor-advisory

access.redhat.com/errata/RHSA-2025:23451 (RHSA-2025:23451) vendor-advisory

access.redhat.com/errata/RHSA-2025:23452 (RHSA-2025:23452) vendor-advisory

access.redhat.com/errata/RHSA-2025:23583 (RHSA-2025:23583) vendor-advisory

access.redhat.com/errata/RHSA-2025:23591 (RHSA-2025:23591) vendor-advisory

access.redhat.com/errata/RHSA-2025:23742 (RHSA-2025:23742) vendor-advisory

access.redhat.com/errata/RHSA-2025:23743 (RHSA-2025:23743) vendor-advisory

access.redhat.com/security/cve/CVE-2025-13947 vdb-entry

bugs.webkit.org/show_bug.cgi?id=271957

bugzilla.redhat.com/show_bug.cgi?id=2418576 (RHBZ#2418576) issue-tracking

cve.org (CVE-2025-13947)

nvd.nist.gov (CVE-2025-13947)

Download JSON

help @ threatint.eu