CNNVD-202512-409 Information

Dec 03, 2025 cve

CNNVD ID

CNNVD-202512-409

CVE-2025-13947

CNNVD Published: 2025-12-03

Description (Chinese)

WebKitGTK是WebKit渲染引擎的全功能端口，适用于需要任何类型的Web集成的项目，包括混合HTML / CSS应用程序到成熟的Web浏览器。它提供WebKit的全部功能，适用于从台式计算机到手机，平板电脑和电视等嵌入式系统的各种系统。 WebKitGTK存在安全漏洞，该漏洞源于文件拖放机制验证不足，可能导致远程信息泄露。

Description (English)

WebKitGTK, a fully functional port for the WebKit Rendering Engine, applies to projects requiring any type of Web integration, including blending HTML/CSS applications to mature Web browsers. It provides the full functionality of WebKit for systems that are embedded in systems ranging from desktops to mobile phones, tablets and televisions. There is a security loophole in WebKitGTK, which arises from inadequate document drop-and-drop mechanism verification, which could lead to remote information leaks.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

WebKitGTK

Published

2025-12-03

Last Modified

2026-02-24

References

https://bugzilla.redhat.com/show_bug.cgi?id=2418576 https://access.redhat.com/security/cve/CVE-2025-13947 https://vigilance.fr/vulnerability/WebKitGTK-file-reading-via-drag-and-drop-49012

Share on: