CVEFinder.io

CVE-2025-13502

⚠️ high
Summary

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.

CVSS Score
7.5
High
EPSS Score
0.1
Exploit Probability
Published Date
2025-11-25
First Seen: 2026-01-05
Last Modified 2026-02-06
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-125

πŸ”— References 13

https://access.redhat.com/errata/RHSA-2025:22789
https://access.redhat.com/errata/RHSA-2025:22790
https://access.redhat.com/errata/RHSA-2025:23110
https://access.redhat.com/errata/RHSA-2025:23433
https://access.redhat.com/errata/RHSA-2025:23434
https://access.redhat.com/errata/RHSA-2025:23451
https://access.redhat.com/errata/RHSA-2025:23452
https://access.redhat.com/errata/RHSA-2025:23583
https://access.redhat.com/errata/RHSA-2025:23591
https://access.redhat.com/errata/RHSA-2025:23742
https://access.redhat.com/errata/RHSA-2025:23743
https://access.redhat.com/security/cve/CVE-2025-13502
https://bugzilla.redhat.com/show_bug.cgi?id=2416300

πŸ“¦ Affected Products 2

Vendor Product Status Affected Versions
red_hat red_hat_enterprise_linux_6 Affected All versions
the_webkitgtk_team webkitgtk Affected
< 2.50.2

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-14512 πŸ”Ά medium 6.5 0.1 A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer ov... 2025-12-11
CVE-2025-14087 πŸ”Ά medium 5.6 0.3 A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a... 2025-12-10
CVE-2025-66287 ⚠️ high 8.8 0.1 A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper me... 2025-12-04
CVE-2025-12744 ⚠️ high 8.8 0.0 A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from... 2025-12-03
CVE-2025-13193 πŸ”Ά medium 5.5 0.0 A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, ma... 2025-11-17
CVE-2025-12748 πŸ”Ά medium 5.5 0.1 A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files w... 2025-11-11
These CVEs affect the same products