CVE-2025-13947

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-13947

7.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

A

flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.

References
Link Resource
https://access.redhat.com/errata/RHSA-2025:22789
https://access.redhat.com/errata/RHSA-2025:22790
https://access.redhat.com/errata/RHSA-2025:23110
https://access.redhat.com/errata/RHSA-2025:23433
https://access.redhat.com/errata/RHSA-2025:23434
https://access.redhat.com/errata/RHSA-2025:23451
https://access.redhat.com/errata/RHSA-2025:23452
https://access.redhat.com/errata/RHSA-2025:23583
https://access.redhat.com/errata/RHSA-2025:23591
https://access.redhat.com/errata/RHSA-2025:23742
https://access.redhat.com/errata/RHSA-2025:23743
https://access.redhat.com/security/cve/CVE-2025-13947
https://bugzilla.redhat.com/show_bug.cgi?id=2418576
Configurations

No configuration.

History

07 Jan 2026, 16:15

Type Values Removed Values Added
CWE CWE-346

22 Dec 2025, 07:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:23742 -
  • () https://access.redhat.com/errata/RHSA-2025:23743 -

18 Dec 2025, 12:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:22789 -
  • () https://access.redhat.com/errata/RHSA-2025:22790 -
  • () https://access.redhat.com/errata/RHSA-2025:23110 -
  • () https://access.redhat.com/errata/RHSA-2025:23433 -
  • () https://access.redhat.com/errata/RHSA-2025:23434 -
  • () https://access.redhat.com/errata/RHSA-2025:23451 -
  • () https://access.redhat.com/errata/RHSA-2025:23452 -
  • () https://access.redhat.com/errata/RHSA-2025:23583 -
  • () https://access.redhat.com/errata/RHSA-2025:23591 -

03 Dec 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-12-03 10:15

Updated : 2026-01-07 16:15

NVD link : CVE-2025-13947

Mitre link : CVE-2025-13947

CVE.ORG link : CVE-2025-13947

JSON object : View

Products Affected

No product.

CWE
CWE-346

Origin Validation Error