CVE-2025-13502

Published: Nov 25, 2025

Modified: Apr 20, 2026

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.

Vendor	Product	Versions
The WebKitGTK Team	webkitgtk	affected `0 - < 2.50.2`
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	unaffected `0:2.50.3-2.el7_9 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:2.50.3-1.el8_10 - < *`
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	unaffected `0:2.50.3-2.el8_2 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	unaffected `0:2.50.3-2.el8_4 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	unaffected `0:2.50.3-2.el8_4 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	unaffected `0:2.50.3-2.el8_6 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	unaffected `0:2.50.3-2.el8_6 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	unaffected `0:2.50.3-2.el8_6 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	unaffected `0:2.50.3-2.el8_8 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	unaffected `0:2.50.3-2.el8_8 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:2.50.3-1.el9_7 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	unaffected `0:2.50.3-1.el9_0 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	unaffected `0:2.50.3-1.el9_2 - < *`
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	unaffected `0:2.50.3-1.el9_4 - < *`
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	unaffected `0:2.50.3-1.el9_6 - < *`
Red Hat	Red Hat Enterprise Linux 6	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions