Information Disclosure Vulnerability in WebKitGTK by Red Hat
CVE-2025-13947

7.4HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 9.6 Extended Update Support; Red Hat Enterprise Linux 6
Vendor: CVE Published:; 3 December 2025

🔔 Create Red Hat Vulnerability Alert

What is CVE-2025-13947?

A flaw has been identified in WebKitGTK that enables remote, user-assisted information disclosure. This occurs when the file drag-and-drop mechanism is exploited, as the browser does not confirm that such operations are initiated from outside its environment. As a result, it could potentially allow unauthorized access to any files that the user has permission to read.

Affected Version(s)

Red Hat Enterprise Linux 8 0:2.50.3-1.el8_10

Red Hat Enterprise Linux 9 0:2.50.3-1.el9_7

Red Hat Enterprise Linux 9.6 Extended Update Support 0:2.50.3-1.el9_6

References

https://access.redhat.com/errata/RHSA-2025:22789

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2025:22790

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2025:23110

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2025
Vulnerability Reserved
Dec 3, 2025

Credit

Red Hat would like to thank Janet Black for reporting this issue.

.

CVE-2025-13947 : Information Disclosure Vulnerability in WebKitGTK by Red Hat