CVE-2025-43227

high

Published 2025-08-13 · Modified 2025-08-14

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.0

Description

Important: webkit2gtk3 security update

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description webkitgtk: Processing maliciously crafted web content may disclose sensitive user information Red Hat statement To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 7 Extended Lifecycle…

Description

webkitgtk: Processing maliciously crafted web content may disclose sensitive user information

Red Hat statement

To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.

CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 7 Extended Lifecycle Support	`webkitgtk4-0:2.48.5-1.el7_9`	RHSA-2025:15729	2025-09-15T00:00:00Z
Red Hat Enterprise Linux 8	`webkit2gtk3-0:2.48.5-1.el8_10`	RHSA-2025:13780	2025-08-13T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support	`webkit2gtk3-0:2.48.5-1.el8_2`	RHSA-2025:14432	2025-08-25T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	`webkit2gtk3-0:2.48.5-1.el8_4`	RHSA-2025:14486	2025-08-25T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	`webkit2gtk3-0:2.48.5-1.el8_4`	RHSA-2025:14486	2025-08-25T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	`webkit2gtk3-0:2.48.5-1.el8_6`	RHSA-2025:14433	2025-08-25T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service	`webkit2gtk3-0:2.48.5-1.el8_6`	RHSA-2025:14433	2025-08-25T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	`webkit2gtk3-0:2.48.5-1.el8_6`	RHSA-2025:14433	2025-08-25T00:00:00Z
Red Hat Enterprise Linux 8.8 Telecommunications Update Service	`webkit2gtk3-0:2.48.5-1.el8_8`	RHSA-2025:14434	2025-08-25T00:00:00Z
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	`webkit2gtk3-0:2.48.5-1.el8_8`	RHSA-2025:14434	2025-08-25T00:00:00Z
Red Hat Enterprise Linux 9	`webkit2gtk3-0:2.48.5-1.el9_6`	RHSA-2025:13782	2025-08-13T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	`webkit2gtk3-0:2.48.5-1.el9_0`	RHSA-2025:14422	2025-08-25T00:00:00Z
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	`webkit2gtk3-0:2.48.5-1.el9_2`	RHSA-2025:14421	2025-08-25T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support	`webkit2gtk3-0:2.48.5-1.el9_4`	RHSA-2025:14423	2025-08-25T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 6	`webkitgtk`	Out of support scope
Red Hat Enterprise Linux 7	`webkitgtk3`	Not affected

Apply commands

bash fix

Apply RHSA-2025:15729 for Red Hat Enterprise Linux 7 Extended Lifecycle Support

yum update -y webkitgtk4
# or:
dnf upgrade -y webkitgtk4

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 7	`Not affected`

OS impact

OS	Version	Status	Fixed in
rhel	9	fixed
rocky	8	fixed
sles		affected
rocky	9	fixed
debian	bookworm	fixed	`2.48.5-1~deb12u1`
debian	bullseye	fixed	`2.48.5-1~deb11u1`
debian	forky	fixed	`2.48.5-1`
debian	sid	fixed	`2.48.5-1`
debian	trixie	fixed	`2.48.5-1~deb13u1`

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.