PT-2025-48026 · Igalia+6 · Wpe Webkit+6

Published: 2025-11-19 · Updated: 2026-03-30 · CVE-2025-13502

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: WebKitGTK and WPE WebKit (affected versions not specified)

Description: A security issue exists in WebKitGTK and WPE WebKit that allows for an out-of-bounds read and integer underflow. Successful exploitation of this issue can lead to a denial-of-service (DoS) condition through a UIProcess crash. The issue is triggered by processing a specially crafted payload sent to the GLib remote inspector server.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Out of bounds Read

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:22789
ALSA-2025:22790
BDU:2026-02744
CVE-2025-13502
DLA-4394-1
DSA-6070-1
OPENSUSE-SU-2026:20065-1
RHSA-2025:22789
RHSA-2025:22790
RHSA-2025:23110
RHSA-2025:23433
RHSA-2025:23434
RHSA-2025:23451
RHSA-2025:23452
RHSA-2025:23583
RHSA-2025:23591
RHSA-2025:23742
RHSA-2025:23743
SUSE-SU-2025:4416-1
SUSE-SU-2025:4423-1
SUSE-SU-2026:0021-1
SUSE-SU-2026:1139-1
SUSE-SU-2026:1150-1
SUSE-SU-2026:20102-1

Affected Products

Almalinux
Centos
Debian
Red Hat
Rocky Linux
Wpe Webkit
Webkitgtk