Bug 2386276 (CVE-2025-43265)

Summary: CVE-2025-43265 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper input validation, resulting in the disclosure of the internal states of the application.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2386382, 2386381, 2386383    
Bug Blocks:    

Description OSIDB Bzimport 2025-08-04 12:56:25 UTC 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may disclose internal states of the app.
Comment 1 errata-xmlrpc 2025-08-13 09:36:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:13780 https://access.redhat.com/errata/RHSA-2025:13780
Comment 2 errata-xmlrpc 2025-08-13 09:39:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:13782 https://access.redhat.com/errata/RHSA-2025:13782
Comment 3 errata-xmlrpc 2025-08-25 08:12:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:14421 https://access.redhat.com/errata/RHSA-2025:14421
Comment 4 errata-xmlrpc 2025-08-25 08:26:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:14422 https://access.redhat.com/errata/RHSA-2025:14422
Comment 5 errata-xmlrpc 2025-08-25 08:28:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:14423 https://access.redhat.com/errata/RHSA-2025:14423
Comment 6 errata-xmlrpc 2025-08-25 08:30:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:14432 https://access.redhat.com/errata/RHSA-2025:14432
Comment 7 errata-xmlrpc 2025-08-25 08:32:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:14434 https://access.redhat.com/errata/RHSA-2025:14434
Comment 8 errata-xmlrpc 2025-08-25 08:34:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:14433 https://access.redhat.com/errata/RHSA-2025:14433
Comment 9 errata-xmlrpc 2025-08-25 10:43:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:14486 https://access.redhat.com/errata/RHSA-2025:14486
Comment 10 errata-xmlrpc 2025-09-15 01:25:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:15729 https://access.redhat.com/errata/RHSA-2025:15729