CVE-2025-43227
Description
This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose sensitive user information.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description webkitgtk: Processing maliciously crafted web content may disclose sensitive user information Red Hat statement To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 7 Extended Lifecycleβ¦
Description
webkitgtk: Processing maliciously crafted web content may disclose sensitive user information
Red Hat statement
To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.
CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | webkitgtk4-0:2.48.5-1.el7_9 | RHSA-2025:15729 | 2025-09-15T00:00:00Z |
| Red Hat Enterprise Linux 8 | webkit2gtk3-0:2.48.5-1.el8_10 | RHSA-2025:13780 | 2025-08-13T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | webkit2gtk3-0:2.48.5-1.el8_2 | RHSA-2025:14432 | 2025-08-25T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | webkit2gtk3-0:2.48.5-1.el8_4 | RHSA-2025:14486 | 2025-08-25T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | webkit2gtk3-0:2.48.5-1.el8_4 | RHSA-2025:14486 | 2025-08-25T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | webkit2gtk3-0:2.48.5-1.el8_6 | RHSA-2025:14433 | 2025-08-25T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | webkit2gtk3-0:2.48.5-1.el8_6 | RHSA-2025:14433 | 2025-08-25T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | webkit2gtk3-0:2.48.5-1.el8_6 | RHSA-2025:14433 | 2025-08-25T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | webkit2gtk3-0:2.48.5-1.el8_8 | RHSA-2025:14434 | 2025-08-25T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | webkit2gtk3-0:2.48.5-1.el8_8 | RHSA-2025:14434 | 2025-08-25T00:00:00Z |
| Red Hat Enterprise Linux 9 | webkit2gtk3-0:2.48.5-1.el9_6 | RHSA-2025:13782 | 2025-08-13T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | webkit2gtk3-0:2.48.5-1.el9_0 | RHSA-2025:14422 | 2025-08-25T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | webkit2gtk3-0:2.48.5-1.el9_2 | RHSA-2025:14421 | 2025-08-25T00:00:00Z |
| Red Hat Enterprise Linux 9.4 Extended Update Support | webkit2gtk3-0:2.48.5-1.el9_4 | RHSA-2025:14423 | 2025-08-25T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | webkitgtk | Out of support scope |
| Red Hat Enterprise Linux 7 | webkitgtk3 | Not affected |
Apply commands
yum update -y webkitgtk4
# or:
dnf upgrade -y webkitgtk4Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 7 | Not affected |
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| β | Affected | β |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.48.5-1~deb13u1 |
| sid | Fixed | 2.48.5-1 |
| forky | Fixed | 2.48.5-1 |
| bullseye | Fixed | 2.48.5-1~deb11u1 |
| bookworm | Fixed | 2.48.5-1~deb12u1 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | β |
| 8 | Fixed | β |
Rocky Linux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | β |
| 8 | Fixed | β |
References
- https://access.redhat.com/errata/RHSA-2025:13782
- https://errata.rockylinux.org/RLSA-2025:13780
- https://www.suse.com/security/cve/CVE-2025-43227.html
- https://errata.rockylinux.org/RLSA-2025:13782
- https://security-tracker.debian.org/tracker/CVE-2025-43227
- https://access.redhat.com/errata/RHSA-2025:13780
- https://bugzilla.redhat.com/2380254
- https://bugzilla.redhat.com/2384385
- https://bugzilla.redhat.com/2386268
- https://bugzilla.redhat.com/2386269
- https://bugzilla.redhat.com/2386270
- https://bugzilla.redhat.com/2386271
- https://bugzilla.redhat.com/2386273
- https://bugzilla.redhat.com/2386274
- https://bugzilla.redhat.com/2386276
- https://errata.almalinux.org/8/ALSA-2025-13780.html
- https://errata.almalinux.org/9/ALSA-2025-13782.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.