PT-2025-37795

Big Bear · Published 2025-09-15 · Updated 2026-01-20 · CVE-2025-43272

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

WebKitGTK versions prior to 2.48.7-0ubuntu0.25.04.2
WebKitGTK (affected versions not specified)

Description

WebKitGTK is a port of the WebKit web rendering engine to the GTK platform. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. A remote attacker could exploit these issues by tricking a user into viewing a malicious website, potentially leading to cross-site scripting attacks, denial of service attacks, and arbitrary code execution. A specific flaw, identified as CVE-2025-43272, involves improper memory handling when processing malicious web content, which can cause an unexpected process crash. The issue has been addressed with improved memory handling.

Recommendations

Update to WebKitGTK version 2.48.7-0ubuntu0.25.04.2 or later. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:17802
ALSA-2025:18097
ALSA-2025:20922
BDU:2025-14973
CESA-2025_17802
CVE-2025-43272
DLA-4375-1
DSA-6042-1
INFSA-2025_17802
INFSA-2025_18097
INFSA-2025_20922
MGASA-2025-0313
OPENSUSE-SU-2026:20065-1
RHSA-2025:17643
RHSA-2025:17741
RHSA-2025:17743
RHSA-2025:17802
RHSA-2025:17807
RHSA-2025:18097
RHSA-2025:19109
RHSA-2025:19157
RHSA-2025:19165
RHSA-2025:19352
RHSA-2025:20922
RHSA-2025_17802
RHSA-2025_18097
RHSA-2025_20922
SUSE-SU-2025:3700-1
SUSE-SU-2025:3701-1
SUSE-SU-2025:3905-1
SUSE-SU-2025_3700-1
SUSE-SU-2025_3701-1
SUSE-SU-2025_3905-1
SUSE-SU-2026:20102-1
USN-7817-1

Affected Products

AlmaLinux
CentOS
Debian
Linux Mint
Apple macOS
Red Hat
Rocky Linux
Safari
SUSE
Ubuntu
iOS
iPadOS
macOS Tahoe
visionOS
watchOS