High severity 7.4 · NVD Advisory · Published Dec 3, 2025 · Updated Apr 20, 2026
CVE-2025-13947
Description
A flaw was found in WebKitGTK. It allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read, by abusing the file drag-and-drop mechanism: WebKitGTK does not verify that drag operations originate from outside the browser.
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2025:22789 (nvd)
- access.redhat.com/errata/RHSA-2025:22790 (nvd)
- access.redhat.com/errata/RHSA-2025:23110 (nvd)
- access.redhat.com/errata/RHSA-2025:23433 (nvd)
- access.redhat.com/errata/RHSA-2025:23434 (nvd)
- access.redhat.com/errata/RHSA-2025:23451 (nvd)
- access.redhat.com/errata/RHSA-2025:23452 (nvd)
- access.redhat.com/errata/RHSA-2025:23583 (nvd)
- access.redhat.com/errata/RHSA-2025:23591 (nvd)
- access.redhat.com/errata/RHSA-2025:23742 (nvd)
- access.redhat.com/errata/RHSA-2025:23743 (nvd)
- access.redhat.com/security/cve/CVE-2025-13947 (nvd)
- bugs.webkit.org/show_bug.cgi (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)