CVE-2025-66287

Advisory lineage Upstream: 0 Downstream: 20

Downstream

DEBIAN-CVE-2025-66287 DSA-6074-1 OPENSUSE-SU-2026:20065-1 RHSA-2025:22789 RHSA-2025:22790 RHSA-2025:23110

Awaiting Analysis

Published: 04 Dec 2025, 16:48

Last modified:22 Dec 2025, 20:49

Vulnerability Summary

Overall Risk (default)

medium

35/100

CVSS Score

8.8 HIGH

v3.1 (cve.org)

EPSS Score

0.1% LOW

0% probability +0.03%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

04 Dec 2025, 16:48

Published

Vulnerability first disclosed

22 Dec 2025, 20:49

Last Modified

Vulnerability information updated

Description

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

CVSS Metrics

v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.10%• Percentile: 28%

Techniques & Countermeasures

CWE-120•Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Affected Systems

the webkitgtk team•webkitgtk
< 2.50.3