PT-2025-48801 · Webkitgtk+7 · Webkitgtk+7

Published

2025-12-03

Updated

2026-01-20

CVE-2025-13947

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions WebKitGTK (affected versions not specified)

Description A security issue exists in WebKitGTK that could allow remote, user-assisted information disclosure. The issue involves the file drag-and-drop mechanism, where WebKitGTK does not properly verify the origin of drag operations. This could allow an attacker to reveal any file the user is permitted to read. The vulnerability is triggered by abusing the drag-and-drop functionality.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Origin Validation Error

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-346CWE-200

Related Identifiers

ALSA-2025:22789

ALSA-2025:22790

BDU:2026-02746

CVE-2025-13947

DLA-4399-1

DSA-6074-1

MGASA-2025-0325

OPENSUSE-SU-2026:20065-1

SUSE-SU-2025:4416-1

SUSE-SU-2025:4423-1

SUSE-SU-2026:0021-1

SUSE-SU-2026:20102-1

USN-7941-1

Affected Products

Almalinux

Centos

Debian

Linuxmint

Red Hat

Rocky Linux

Ubuntu

Webkitgtk

PT-2025-48801 · Webkitgtk+7 · Webkitgtk+7

CVE-2025-13947

Weakness Enumeration

Related Identifiers

Affected Products

References · 160