DEBIAN-CVE-2025-13502

DEBIAN-CVE-2025-13502 PUBLISHED CVSS 7.5 HIGH

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	wpewebkit	2.40.4-1, 2.40.5-1, 2.42.0-1
Debian:14	wpewebkit	2.50.0-2, 2.50.1-1, 2.50.0-2
Debian:14	webkit2gtk	2.50.0-1, 2.49.90-1, 2.48.6-1
Debian:13	wpewebkit	2.52.2-1, 0, 2.48.3-1
Debian:12	webkit2gtk	2.47.3-1, ,
Debian:11	webkit2gtk	2.38.4-2, 0, 2.32.3-1
Debian:13	webkit2gtk	2.50.0-2, 2.50.0-1, 2.49.90-1
Debian:12	wpewebkit	2.44.4-1, 2.44.3-1, 2.44.2-2

Timeline

Nov 25, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-13502 advisory

Open in Interactive Console →