CVE-2025-66287
Published: 2025-12-04
Priority: P346 · high · CVSS 3.1 score 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.39% (30.4th percentile)
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | webkit2gtk | < webkit2gtk 2.50.3-1~deb12u1 (bookworm) | webkit2gtk 2.50.3-1~deb12u1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.50.3-1~deb12u1 (bookworm) | webkit2gtk 2.50.3-1~deb12u1 (bookworm) |
| the_webkitgtk_team | webkitgtk | < 2.50.3 | 2.50.3 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | 8.8 | HIGH | |
| vendor_debian | 8.8 | HIGH | |
| vendor_redhat | 8.8 | HIGH | |
Ubuntu
WebKitGTK vulnerabilities
Source: vendor_ubuntu · 2026-01-05
CVE-2025-66287 WebKitGTK vulnerabilities
Title: WebKitGTK vulnerabilities
Summary: Several security issues were fixed in WebKitGTK.
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
Red Hat
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
Source: vendor_redhat · 2025-12-04 · CVSS 8.8
CVE-2025-66287 [HIGH] CWE-120 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
Statement: To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.
Additionally, this issue can cause an unexpected process crash, but the possibility of remote code execution is not discarded.
Mitigation: Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to
Debian
CVE-2025-66287: webkit2gtk - A flaw was found in WebKitGTK. Processing malicious web content can cause an une...
Source: vendor_debian · 2025 · CVSS 8.8
CVE-2025-66287 [HIGH] CVE-2025-66287: webkit2gtk - A flaw was found in WebKitGTK. Processing malicious web content can cause an une...
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
Scope: local
bookworm: resolved (fixed in 2.50.3-1~deb12u1)
bullseye: resolved (fixed in 2.50.3-1~deb11u1)
forky: resolved (fixed in 2.50.3-1)
sid: resolved (fixed in 2.50.3-1)
trixie: resolved (fixed in 2.50.3-1~deb13u1)
GHSA
GHSA-f6mf-j487-747p: A flaw was found in WebKitGTK
Source: ghsa_unreviewed · 2025-12-04
CVE-2025-66287 [HIGH] CWE-120 GHSA-f6mf-j487-747p: A flaw was found in WebKitGTK
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
OSV
CVE-2025-66287: A flaw was found in WebKitGTK
Source: osv · 2025-12-04 · CVSS 8.8
CVE-2025-66287 [HIGH] CVE-2025-66287: A flaw was found in WebKitGTK
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
No detection rules found.
No public exploits indexed.
References
https://access.redhat.com/errata/RHSA-2025:22789
https://access.redhat.com/errata/RHSA-2025:22790
https://access.redhat.com/errata/RHSA-2025:23110
https://access.redhat.com/errata/RHSA-2025:23433
https://access.redhat.com/errata/RHSA-2025:23434
https://access.redhat.com/errata/RHSA-2025:23451
https://access.redhat.com/errata/RHSA-2025:23452
https://access.redhat.com/errata/RHSA-2025:23583
https://access.redhat.com/errata/RHSA-2025:23591
https://access.redhat.com/errata/RHSA-2025:23742
https://access.redhat.com/errata/RHSA-2025:23743
https://access.redhat.com/security/cve/CVE-2025-66287
https://bugzilla.redhat.com/show_bug.cgi?id=2418857
https://webkitgtk.org/security/WSA-2025-0009.html