Base Score

HIGH7.5

CVE-2025-13502

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.

VectorNETWORK

Published Bysecalert@redhat.com

Published DateNov 25, 2025, 08:15

Weakness Type (CWE):CWE-190

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

https://access.redhat.com/errata/RHSA-2025:22789
https://access.redhat.com/errata/RHSA-2025:22790
https://access.redhat.com/errata/RHSA-2025:23110
https://access.redhat.com/errata/RHSA-2025:23433
https://access.redhat.com/errata/RHSA-2025:23434
https://access.redhat.com/errata/RHSA-2025:23451
https://access.redhat.com/errata/RHSA-2025:23452
https://access.redhat.com/errata/RHSA-2025:23583
https://access.redhat.com/errata/RHSA-2025:23591
https://access.redhat.com/errata/RHSA-2025:23742
https://access.redhat.com/errata/RHSA-2025:23743
https://access.redhat.com/security/cve/CVE-2025-13502
https://bugzilla.redhat.com/show_bug.cgi?id=2416300

Base Score

HIGH7.5

Weakness Type (CWE):CWE-190

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH