CVE-2025-13947

EUVD-2025-200738
A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.4 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
redhatCNA
7.4 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
webkitgtk
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
xenial
ignored
webkit2gtk
bionic
ignored
focal
ignored
jammy
Fixed 2.50.3-0ubuntu0.22.04.1
released
noble
Fixed 2.50.3-0ubuntu0.24.04.1
released
plucky
Fixed 2.50.3-0ubuntu0.25.04.1
released
questing
Fixed 2.50.3-0ubuntu0.25.10.1
released
xenial
ignored
qtwebkit-source
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
xenial
ignored
qtwebkit-opensource-src
bionic
ignored
focal
ignored
jammy
ignored
noble
ignored
plucky
dne
questing
dne
xenial
ignored
wpewebkit
focal
ignored
jammy
ignored
noble
dne
plucky
dne
questing
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2025:22789
https://access.redhat.com/errata/RHSA-2025:22790
https://access.redhat.com/errata/RHSA-2025:23110
https://access.redhat.com/errata/RHSA-2025:23433
https://access.redhat.com/errata/RHSA-2025:23434
https://access.redhat.com/errata/RHSA-2025:23451
https://access.redhat.com/errata/RHSA-2025:23452
https://access.redhat.com/errata/RHSA-2025:23583
https://access.redhat.com/errata/RHSA-2025:23591
https://access.redhat.com/errata/RHSA-2025:23742
https://access.redhat.com/errata/RHSA-2025:23743
https://access.redhat.com/security/cve/CVE-2025-13947
https://bugzilla.redhat.com/show_bug.cgi?id=2418576