CVE-2025-13502: Out-of-bounds Read in The WebKitGTK Team webkitgtk
A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.
AI Analysis
Technical Summary
CVE-2025-13502 is an out-of-bounds read and integer underflow vulnerability in the WebKitGTK and WPE WebKit components. It can be exploited by sending a crafted payload to the GLib remote inspector server, leading to a crash of the UIProcess and causing a denial of service. The vulnerability has a CVSS v3.1 base score of 7.5 (high severity) with network attack vector, low attack complexity, no privileges required, no user interaction, and impacts availability only. Red Hat has released security updates for webkit2gtk3 packages in Red Hat Enterprise Linux 8 and 9 that address this vulnerability. The vendor advisory confirms the availability of patches and recommends updating to the fixed versions.
Potential Impact
Successful exploitation of this vulnerability results in a denial of service due to the UIProcess crashing. There is no impact on confidentiality or integrity. No known exploits are reported in the wild. The vulnerability affects systems running vulnerable versions of WebKitGTK and WPE WebKit, including Red Hat Enterprise Linux 8 and 9 distributions with webkit2gtk3 packages prior to the fixed versions.
Mitigation Recommendations
Red Hat has released official security updates for webkit2gtk3 packages in Red Hat Enterprise Linux 8 and 9 that fix CVE-2025-13502. Applying these updates will remediate the vulnerability. Users should follow the guidance in the Red Hat advisories (RHSA-2025:22789 for RHEL 8 and RHSA-2025:22790 for RHEL 9) and update their systems accordingly. No additional mitigation steps are required beyond applying the official patches.
CVE-2025-13502: Out-of-bounds Read in The WebKitGTK Team webkitgtk
Description
A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-13502 is an out-of-bounds read and integer underflow vulnerability in the WebKitGTK and WPE WebKit components. It can be exploited by sending a crafted payload to the GLib remote inspector server, leading to a crash of the UIProcess and causing a denial of service. The vulnerability has a CVSS v3.1 base score of 7.5 (high severity) with network attack vector, low attack complexity, no privileges required, no user interaction, and impacts availability only. Red Hat has released security updates for webkit2gtk3 packages in Red Hat Enterprise Linux 8 and 9 that address this vulnerability. The vendor advisory confirms the availability of patches and recommends updating to the fixed versions.
Potential Impact
Successful exploitation of this vulnerability results in a denial of service due to the UIProcess crashing. There is no impact on confidentiality or integrity. No known exploits are reported in the wild. The vulnerability affects systems running vulnerable versions of WebKitGTK and WPE WebKit, including Red Hat Enterprise Linux 8 and 9 distributions with webkit2gtk3 packages prior to the fixed versions.
Mitigation Recommendations
Red Hat has released official security updates for webkit2gtk3 packages in Red Hat Enterprise Linux 8 and 9 that fix CVE-2025-13502. Applying these updates will remediate the vulnerability. Users should follow the guidance in the Red Hat advisories (RHSA-2025:22789 for RHEL 8 and RHSA-2025:22790 for RHEL 9) and update their systems accordingly. No additional mitigation steps are required beyond applying the official patches.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2025-11-21T07:48:53.245Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/errata/RHSA-2025:22789","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:22790","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:23110","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:23433","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:23434","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:23451","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:23452","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:23583","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:23591","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:23742","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:23743","vendor":"Red Hat"},{"url":"https://access.redhat.com/security/cve/CVE-2025-13502","vendor":"Red Hat"}]
Threat ID: 69256893690aeb35a2ca49fc
Added to database: 11/25/2025, 8:28:03 AM
Last enriched: 4/21/2026, 5:46:29 AM
Last updated: 5/9/2026, 8:56:16 PM
Views: 198
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.