Out-of-bounds Read Vulnerability in WebKitGTK and WPE WebKit from Red Hat
CVE-2025-13502
Key Information:
- Vendor: The Webkitgtk Team
- CVE Published: 25 November 2025
What is CVE-2025-13502?
A vulnerability exists in WebKitGTK and WPE WebKit that can trigger an out-of-bounds read and integer underflow. This issue may allow an attacker to cause a denial-of-service condition through a crafted payload directed at the GLib remote inspector server, leading to unexpected application crashes. It is essential for users of these products to be aware of this vulnerability and apply the necessary security updates to mitigate the risks.

Affected Version(s)
Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:2.50.3-2.el7_9
Red Hat Enterprise Linux 8 0:2.50.3-1.el8_10
Red Hat Enterprise Linux 8.2 Advanced Update Support 0:2.50.3-2.el8_2
