CVE-2025-13947
Advisory lineage: Upstream 0, Downstream 20
Status: Awaiting Analysis
Published: 03 Dec 2025, 09:45
Last modified: 07 Jan 2026, 15:17
Vulnerability Summary
Overall Risk (default): medium (30/100)
CVSS Score: 7.4 HIGH (v3.1, cve.org)
EPSS Score: 0.07% LOW (probability of exploitation in the next 30 days; +0.02%)
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected
Description
A flaw was found in WebKitGTK. WebKitGTK does not verify that a file drag operation originated outside the browser, so web content can abuse the file drag-and-drop mechanism to read any file the user is permitted to read. The attack is remote but user-assisted: the victim has to perform the drag-and-drop interaction, after which the file contents are disclosed to the page.
CVSS Metrics
- v3.1 • HIGH • Score: 7.4 • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N (network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, high confidentiality impact, no integrity or availability impact)
EPSS Trends
Current EPSS score: 0.07% • Percentile: 22%
Techniques & Countermeasures
- CWE-346 • Origin Validation Error
The product does not properly verify that the source of data or communication is valid. Here the browser accepts a file drop without confirming that the drag was started outside the browser, so web content rather than the user's desktop can end up as the origin of the file drop.
Affected Systems
- the webkitgtk team • webkitgtk • versions < 2.50.3 (fixed in 2.50.3)
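The following script is an added example, not part of this advisory and not code from the WebKitGTK project. It looks up the installed WebKitGTK version and compares it against the 2.50.3 boundary given above. The pkg-config module names webkit2gtk-4.1 and webkitgtk-6.0 and the Red Hat package name webkit2gtk3 are assumptions, not taken from the page; the version comparison itself is generic and also handles distribution release suffixes such as -1.el9.

```shell
#!/bin/sh
# Added example, not from this advisory or the WebKitGTK project: compare an installed
# WebKitGTK version against the fixed release (2.50.3) named under Affected Systems.
# Assumptions not taken from the page: pkg-config module names webkit2gtk-4.1 (GTK 3 API)
# and webkitgtk-6.0 (GTK 4 API), and the Red Hat package name webkit2gtk3.

FIXED_VERSION="2.50.3"

# version_lt A B: succeed (exit 0) when A is older than B.
# Compares dot-separated numeric components; a distro release suffix such as
# "-1.el9" is stripped first. Any non-numeric component is treated as 0.
version_lt() {
    a=$(printf '%s' "$1" | sed 's/[-+~].*$//')
    b=$(printf '%s' "$2" | sed 's/[-+~].*$//')
    i=1
    while :; do
        x=$(printf '%s\n' "$a" | awk -F. -v n="$i" '{ print $n }')
        y=$(printf '%s\n' "$b" | awk -F. -v n="$i" '{ print $n }')
        if [ -z "$x" ] && [ -z "$y" ]; then
            return 1            # all components equal: A is not older than B
        fi
        case $x in ''|*[!0-9]*) x=0 ;; esac
        case $y in ''|*[!0-9]*) y=0 ;; esac
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
}

# is_affected VERSION: succeed when VERSION is older than 2.50.3 by version number alone.
is_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# installed_version: print the installed WebKitGTK version, or fail if none is found.
installed_version() {
    for mod in webkit2gtk-4.1 webkitgtk-6.0; do          # assumed pkg-config module names
        v=$(pkg-config --modversion "$mod" 2>/dev/null) && { printf '%s\n' "$v"; return 0; }
    done
    if command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q --qf '%{VERSION}\n' webkit2gtk3 2>/dev/null | head -n 1)   # assumed package name
        case $v in [0-9]*) printf '%s\n' "$v"; return 0 ;; esac
    fi
    return 1
}

# Print a verdict. A version number alone cannot tell whether a distribution has
# backported the fix into an older-numbered build (the RHSA errata listed under
# References do exactly that), so "older than 2.50.3" means "check the vendor advisory".
main() {
    if v=$(installed_version); then
        if is_affected "$v"; then
            echo "WebKitGTK $v: older than $FIXED_VERSION; affected by CVE-2025-13947 unless your distribution backported the fix"
        else
            echo "WebKitGTK $v: $FIXED_VERSION or newer"
        fi
    else
        echo "WebKitGTK not found via pkg-config or rpm" >&2
    fi
    return 0
}

main "$@"
```

On Red Hat systems the authoritative check is the errata list below (`rpm -q --changelog webkit2gtk3 | grep CVE-2025-13947` shows whether the installed build carries the backport); the version comparison is only a first-pass triage for hosts whose distribution does not backport.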
References (13)
- https://access.redhat.com/errata/RHSA-2025:22789
- https://access.redhat.com/errata/RHSA-2025:22790
- https://access.redhat.com/errata/RHSA-2025:23110
- https://access.redhat.com/errata/RHSA-2025:23433
- https://access.redhat.com/errata/RHSA-2025:23434
- https://access.redhat.com/errata/RHSA-2025:23451
- https://access.redhat.com/errata/RHSA-2025:23452
- https://access.redhat.com/errata/RHSA-2025:23583
- https://access.redhat.com/errata/RHSA-2025:23591
- https://access.redhat.com/errata/RHSA-2025:23742
- https://access.redhat.com/errata/RHSA-2025:23743
- https://access.redhat.com/security/cve/CVE-2025-13947
- https://bugzilla.redhat.com/show_bug.cgi?id=2418576