CVE-2025-13502 - Vulnerability Details

CVE-2025-13502 - Webkit: webkitgtk / wpe webkit: out-of-bounds read and integer underflow vulnerability leading to dos

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00085.

Exploitation none

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

The WebKitGTK Team

webkitgtk

unaffected

Version	Status	Constraints
`0`	affected	< 2.50.2

Red Hat

Red Hat Enterprise Linux 7 Extended Lifecycle Support

affected

Version	Status	Constraints
`0:2.50.3-2.el7_9`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:2.50.3-1.el8_10`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.2 Advanced Update Support

affected

Version	Status	Constraints
`0:2.50.3-2.el8_2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`0:2.50.3-2.el8_4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

affected

Version	Status	Constraints
`0:2.50.3-2.el8_4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`0:2.50.3-2.el8_6`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Telecommunications Update Service

affected

Version	Status	Constraints
`0:2.50.3-2.el8_6`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.50.3-2.el8_6`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Telecommunications Update Service

affected

Version	Status	Constraints
`0:2.50.3-2.el8_8`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.50.3-2.el8_8`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:2.50.3-1.el9_7`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.50.3-1.el9_0`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.50.3-1.el9_2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.4 Extended Update Support

affected

Version	Status	Constraints
`0:2.50.3-1.el9_4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.6 Extended Update Support

affected

Version	Status	Constraints
`0:2.50.3-1.el9_6`	unaffected	< *

Red Hat Red Hat Enterprise Linux 6 unknown —

Red Hat Red Hat Enterprise Linux 7 affected —

No data.

Subscriptions

Vendors	Products
Redhat Subscribe	Enterprise Linux Subscribe Rhel Aus Subscribe Rhel E4s Subscribe Rhel Els Subscribe Rhel Eus Subscribe Rhel Eus Long Life Subscribe Rhel Tus Subscribe

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:22789
https://access.redhat.com/errata/RHSA-2025:22790
https://access.redhat.com/errata/RHSA-2025:23110
https://access.redhat.com/errata/RHSA-2025:23433
https://access.redhat.com/errata/RHSA-2025:23434
https://access.redhat.com/errata/RHSA-2025:23451
https://access.redhat.com/errata/RHSA-2025:23452
https://access.redhat.com/errata/RHSA-2025:23583
https://access.redhat.com/errata/RHSA-2025:23591
https://access.redhat.com/errata/RHSA-2025:23742
https://access.redhat.com/errata/RHSA-2025:23743
https://access.redhat.com/security/cve/CVE-2025-13502
https://bugzilla.redhat.com/show_bug.cgi?id=2416300
https://nvd.nist.gov/vuln/detail/CVE-2025-13502
https://www.cve.org/CVERecord?id=CVE-2025-13502

History

Mon, 22 Dec 2025 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
Vendors & Products		Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:23742 https://access.redhat.com/errata/RHSA-2025:23743

Thu, 18 Dec 2025 11:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs		cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Els
References		https://access.redhat.com/errata/RHSA-2025:23583

Thu, 18 Dec 2025 09:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.4::appstream
References		https://access.redhat.com/errata/RHSA-2025:23591

Wed, 17 Dec 2025 15:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_e4s:9.0::appstream
References		https://access.redhat.com/errata/RHSA-2025:23433 https://access.redhat.com/errata/RHSA-2025:23452

Wed, 17 Dec 2025 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s
CPEs		cpe:/a:redhat:rhel_e4s:9.2::appstream
Vendors & Products		Redhat rhel E4s
References		https://access.redhat.com/errata/RHSA-2025:23451

Wed, 17 Dec 2025 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Eus Long Life
CPEs		cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Vendors & Products		Redhat rhel Aus Redhat rhel Eus Long Life
References		https://access.redhat.com/errata/RHSA-2025:23434

Thu, 11 Dec 2025 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.6::appstream
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:23110

Mon, 08 Dec 2025 07:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream
References		https://access.redhat.com/errata/RHSA-2025:22789

Mon, 08 Dec 2025 02:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream
References		https://access.redhat.com/errata/RHSA-2025:22790

Tue, 25 Nov 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 25 Nov 2025 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
References		https://nvd.nist.gov/vuln/detail/CVE-2025-13502 https://www.cve.org/CVERecord?id=CVE-2025-13502
Metrics	threat_severity `None`	threat_severity `Important`

Tue, 25 Nov 2025 08:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.
Title		Webkit: webkitgtk / wpe webkit: out-of-bounds read and integer underflow vulnerability leading to dos
First Time appeared		Redhat Redhat enterprise Linux
Weaknesses		CWE-190
CPEs		cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2025-13502 https://bugzilla.redhat.com/show_bug.cgi?id=2416300
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-11-25T08:02:26.022Z

Updated: 2026-02-06T20:06:26.302Z

Reserved: 2025-11-21T07:48:53.245Z

Link: CVE-2025-13502

Vulnrichment

Updated: 2025-11-25T14:40:24.497Z

NVD

Status : Awaiting Analysis

Published: 2025-11-25T08:15:51.917

Modified: 2026-02-06T21:16:15.390

Link: CVE-2025-13502

Redhat

Severity : Important

Publid Date: 2025-11-25T07:59:40Z

Links: CVE-2025-13502 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

Tracking

JSON object

JSON object

JSON object

JSON object

JSON object