๐Ÿ” CVE Alert

CVE-2025-13947

HIGH 7.4

Webkit: webkitgtk: remote user-assisted information disclosure via file drag-and-drop

CVSS Score
7.4
EPSS Score
0.0%
EPSS Percentile
0th

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.

Vendor the webkitgtk team
Product webkitgtk
Published Dec 3, 2025
Last Updated Jan 7, 2026
Stay Ahead of the Next One

Get instant alerts for the webkitgtk team webkitgtk

Be the first to know when new high vulnerabilities affecting the webkitgtk team webkitgtk are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

The WebKitGTK Team / webkitgtk
0 < 2.50.3
Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 6
All versions affected
Red Hat / Red Hat Enterprise Linux 7
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:22789 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:22790 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23110 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23433 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23434 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23451 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23452 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23583 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23591 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23742 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23743 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-13947 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2418576

Credits

Red Hat would like to thank Janet Black for reporting this issue.