PT-2025-48801 · Webkitgtk+7 · Webkitgtk+7

Publicado

2025-12-03

Atualizado

2026-01-20

CVE-2025-13947

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions WebKitGTK (affected versions not specified)

Description A security issue exists in WebKitGTK that could allow remote, user-assisted information disclosure. The issue involves the file drag-and-drop mechanism, where WebKitGTK does not properly verify the origin of drag operations. This could allow an attacker to reveal any file the user is permitted to read. The vulnerability is triggered by abusing the drag-and-drop functionality.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Origin Validation Error

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-346CWE-200

Identificadores relacionados

ALSA-2025:22789

ALSA-2025:22790

BDU:2026-02746

CVE-2025-13947

DLA-4399-1

DSA-6074-1

MGASA-2025-0325

OPENSUSE-SU-2026:20065-1

SUSE-SU-2025:4416-1

SUSE-SU-2025:4423-1

SUSE-SU-2026:0021-1

SUSE-SU-2026:20102-1

USN-7941-1

Produtos afetados

Almalinux

Centos

Debian

Linuxmint

Red Hat

Rocky Linux

Ubuntu

Webkitgtk

PT-2025-48801 · Webkitgtk+7 · Webkitgtk+7

CVE-2025-13947

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 160