This vulnerability allows a malicious website to read arbitrary local files by abusing the file drag-and-drop mechanism in WebKitGTK. The flaw exists because WebKitGTK does not verify that drag operations originate from outside the browser before granting access to the referenced file path. A crafted webpage can prompt the user to perform an innocent-looking drag action that unintentionally exposes sensitive file content accessible to the user account. This results in a remote, user-assisted information disclosure vulnerability that can reveal any file the user is permitted to read.
Are there any further details? Which versions are affected? Was it reported upstream? Can you please add such details as references too when filling CVEs? Thanks!
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:22789 https://access.redhat.com/errata/RHSA-2025:22789
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:22790 https://access.redhat.com/errata/RHSA-2025:22790
(In reply to Leonardo Taccari from comment #2)
> Are there any further details? Which versions are affected? Was it reported
> upstream?
>
> Can you please add such details as references too when filling CVEs?
>
> Thanks!

JFTR, this is part of <https://webkitgtk.org/security/WSA-2025-0009.html> and it was fixed upstream in version 2.50.3. It would be nice if upstream WSA can be added as a reference too.