CVE-2025-13947

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.4 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
redhatCNA
7.4 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
webkitgtk
questing
dne
plucky
dne
noble
dne
jammy
dne
bionic
needs-triage
xenial
needs-triage
Vulnerability Media Exposure
References
https://access.redhat.com/security/cve/CVE-2025-13947
https://bugzilla.redhat.com/show_bug.cgi?id=2418576