CVE-2025-13947

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read, by abusing the file drag-and-drop mechanism: WebKitGTK does not verify that drag operations originate from outside the browser.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.4 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N |
| redhat | CNA | 7.4 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N |
| CISA-ADP | ADP | --- | --- | | | |

EPSS Score percentile: 14%

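Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| webkitgtk | questing | dne |
| webkitgtk | plucky | dne |
| webkitgtk | noble | dne |
| webkitgtk | jammy | dne |
| webkitgtk | bionic | ignored |
| webkitgtk | xenial | ignored |
| webkit2gtk | questing | Fixed 2.50.3-0ubuntu0.25.10.1 (released) |
| webkit2gtk | plucky | Fixed 2.50.3-0ubuntu0.25.04.1 (released) |
| webkit2gtk | noble | Fixed 2.50.3-0ubuntu0.24.04.1 (released) |
| webkit2gtk | jammy | Fixed 2.50.3-0ubuntu0.22.04.1 (released) |
| webkit2gtk | focal | ignored |
| webkit2gtk | bionic | ignored |
| webkit2gtk | xenial | ignored |
| qtwebkit-source | questing | dne |
| qtwebkit-source | plucky | dne |
| qtwebkit-source | noble | dne |
| qtwebkit-source | jammy | dne |
| qtwebkit-source | bionic | ignored |
| qtwebkit-source | xenial | ignored |
| qtwebkit-opensource-src | questing | dne |
| qtwebkit-opensource-src | plucky | dne |
| qtwebkit-opensource-src | noble | ignored |
| qtwebkit-opensource-src | jammy | ignored |
| qtwebkit-opensource-src | focal | ignored |
| qtwebkit-opensource-src | bionic | ignored |
| qtwebkit-opensource-src | xenial | ignored |
| wpewebkit | questing | dne |
| wpewebkit | plucky | dne |
| wpewebkit | noble | dne |
| wpewebkit | jammy | ignored |
| wpewebkit | focal | ignored |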