Skip to main content

WebKitGTK. This EUVDEUVD-2025-200738

| CVE-2025-13947 HIGH
Origin Validation Error (CWE-346)
2025-12-03 secalert@redhat.com
7.4
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
7.4 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Ubuntu
MEDIUM
qualitative
SUSE
HIGH
qualitative
Red Hat
7.4 HIGH
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 16:14 euvd
EUVD-2025-200738
Analysis Generated
Mar 15, 2026 - 16:14 vuln.today
CVE Published
Dec 03, 2025 - 10:15 nvd
HIGH 7.4

DescriptionCVE.org

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.

Analysis

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.

Vendor StatusVendor

Ubuntu

Priority: Medium
webkitgtk
Release Status Version
jammy DNE -
noble DNE -
plucky DNE -
questing DNE -
upstream needs-triage -
bionic ignored -
xenial ignored -
webkit2gtk
Release Status Version
xenial ignored -
bionic ignored -
focal ignored -
upstream released 2.50.3
jammy released 2.50.3-0ubuntu0.22.04.1
noble released 2.50.3-0ubuntu0.24.04.1
plucky released 2.50.3-0ubuntu0.25.04.1
questing released 2.50.3-0ubuntu0.25.10.1
qtwebkit-source
Release Status Version
xenial ignored -
bionic ignored -
jammy DNE -
noble DNE -
plucky DNE -
questing DNE -
upstream needs-triage -
qtwebkit-opensource-src
Release Status Version
xenial ignored -
bionic ignored -
focal ignored -
jammy ignored -
noble ignored -
plucky DNE -
questing DNE -
upstream needs-triage -
wpewebkit
Release Status Version
focal ignored -
jammy ignored -
noble DNE -
plucky DNE -
questing DNE -
upstream released 2.50.3-1

Debian

webkit2gtk
Release Status Fixed Version Urgency
bullseye fixed 2.50.3-1~deb11u1 -
bullseye (security) fixed 2.50.4-1~deb11u1 -
bookworm, bookworm (security) fixed 2.50.4-1~deb12u1 -
trixie (security), trixie fixed 2.50.4-1~deb13u1 -
forky fixed 2.50.5-1 -
sid fixed 2.50.6-1 -
bookworm fixed 2.50.3-1~deb12u1 -
trixie fixed 2.50.3-1~deb13u1 -
(unstable) fixed 2.50.3-1 -
wpewebkit
Release Status Fixed Version Urgency
bullseye (security), bullseye vulnerable 2.38.6-1~deb11u1 -
bookworm vulnerable 2.38.6-1 -
trixie vulnerable 2.48.3-1 -
forky fixed 2.50.5-1 -
sid fixed 2.50.6-1 -
bullseye fixed (unfixed) end-of-life
(unstable) fixed 2.50.3-1 -

SUSE

Severity: High
Product Status
Container suse/sl-micro/6.0/baremetal-os-container:latest Container suse/sl-micro/6.0/base-os-container:latest Container suse/sl-micro/6.0/toolbox:latest Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.2 Container suse/sl-micro/6.1/base-os-container:2.2.0-4.55 Image SL-Micro Image SL-Micro-Azure Image SL-Micro-BYOS-Azure Image SL-Micro-BYOS-EC2 Image SL-Micro-BYOS-GCE Image SL-Micro-Base Image SL-Micro-Base-RT Image SL-Micro-Base-RT-SelfInstall Image SL-Micro-Base-RT-encrypted Image SL-Micro-Base-SelfInstall Image SL-Micro-Base-encrypted Image SL-Micro-Base-qcow Image SL-Micro-Default Image SL-Micro-Default-SelfInstall Image SL-Micro-Default-encrypted Image SL-Micro-Default-qcow Image SL-Micro-EC2 Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-Azure-llc Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected
SUSE Liberty Linux 8 Fixed
SUSE Liberty Linux 9 Fixed
SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise High Performance Computing 15 SP6 SUSE Linux Enterprise Server 15 SP6 Fixed
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

EUVD-2025-200738 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy