Vulnerability-Lookup

CVE-2025-31278 (GCVE-0-2025-31278)

Vulnerability from cvelistv5 – Published: 2025-07-29 23:35 – Updated: 2026-04-02 18:09

Summary

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

Processing maliciously crafted web content may lead to memory corruption
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

apple

References

13 references

URL	Tags
https://support.apple.com/en-us/124147
https://support.apple.com/en-us/124148
https://support.apple.com/en-us/124149
https://support.apple.com/en-us/124152
https://support.apple.com/en-us/124153
https://support.apple.com/en-us/124154
https://support.apple.com/en-us/124155
https://lists.debian.org/debian-lts-announce/2025…
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/36
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/31
http://www.openwall.com/lists/oss-security/2025/08/02/1

Impacted products

7 products

Vendor	Product	Version
Apple	Safari	Affected: 0 , < 18.6 (custom)
Apple	iOS and iPadOS	Affected: 0 , < 18.6 (custom)
Apple	iPadOS	Affected: 0 , < 17.7.9 (custom)
Apple	macOS	Affected: 0 , < 15.6 (custom)
Apple	tvOS	Affected: 0 , < 18.6 (custom)
Apple	visionOS	Affected: 0 , < 2.6 (custom)
Apple	watchOS	Affected: 0 , < 11.6 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-31278",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-31T03:56:02.495080Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:50:09.662Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:10:04.731Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Aug/0"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jul/36"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jul/32"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Jul/31"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/08/02/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.7.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "2.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to memory corruption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:09:24.679Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/124147"
        },
        {
          "url": "https://support.apple.com/en-us/124148"
        },
        {
          "url": "https://support.apple.com/en-us/124149"
        },
        {
          "url": "https://support.apple.com/en-us/124152"
        },
        {
          "url": "https://support.apple.com/en-us/124153"
        },
        {
          "url": "https://support.apple.com/en-us/124154"
        },
        {
          "url": "https://support.apple.com/en-us/124155"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2025-31278",
    "datePublished": "2025-07-29T23:35:08.211Z",
    "dateReserved": "2025-03-27T16:13:58.344Z",
    "dateUpdated": "2026-04-02T18:09:24.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-31278",
      "date": "2026-06-23",
      "epss": "0.01084",
      "percentile": "0.60894"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-31278\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2025-07-30T00:15:30.950\",\"lastModified\":\"2026-04-02T19:19:59.860\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.\"},{\"lang\":\"es\",\"value\":\"El problema se solucion\u00f3 mejorando la gesti\u00f3n de la memoria. Este problema est\u00e1 corregido en iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 y iPadOS 18.6, macOS Sequoia 15.6 y tvOS 18.6. El procesamiento de contenido web manipulado con fines malintencionados puede provocar da\u00f1os en la memoria.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.6\",\"matchCriteriaId\":\"969AD7A8-5CCF-4607-BBE8-E06E642A170C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.7.9\",\"matchCriteriaId\":\"E2A4A63D-08FE-4021-8059-FB290A7F398A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.0\",\"versionEndExcluding\":\"18.6\",\"matchCriteriaId\":\"2E56FF85-7920-40F5-BF37-32C8C839CCC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.6\",\"matchCriteriaId\":\"BD9D42A7-DE2A-4D5A-8C7B-002A60148483\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.6\",\"matchCriteriaId\":\"077E4BB7-4A8B-4D18-BCD7-2938A2B8B9C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.6\",\"matchCriteriaId\":\"FBC1698A-3E9C-4055-B23A-13A3C22BD6EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6\",\"matchCriteriaId\":\"EADBC0BD-ECAC-4E0A-B490-24649AFE5355\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.6\",\"matchCriteriaId\":\"35D9C2D7-6120-4631-8D0B-259641DFD85B\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/124147\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/124148\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/124149\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/124152\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/124153\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/124154\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/124155\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2025/Aug/0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Jul/31\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Jul/32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Jul/36\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/08/02/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Aug/0\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Jul/36\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Jul/32\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Jul/31\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/08/02/1\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:10:04.731Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-31278\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-31T03:56:02.495080Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-30T13:27:13.496Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"18.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"18.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.7.9\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"15.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"18.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"visionOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"11.6\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/124147\"}, {\"url\": \"https://support.apple.com/en-us/124148\"}, {\"url\": \"https://support.apple.com/en-us/124149\"}, {\"url\": \"https://support.apple.com/en-us/124152\"}, {\"url\": \"https://support.apple.com/en-us/124153\"}, {\"url\": \"https://support.apple.com/en-us/124154\"}, {\"url\": \"https://support.apple.com/en-us/124155\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Processing maliciously crafted web content may lead to memory corruption\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2026-04-02T18:09:24.679Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-31278\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-02T18:09:24.679Z\", \"dateReserved\": \"2025-03-27T16:13:58.344Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2025-07-29T23:35:08.211Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2025-1683

Vulnerability from csaf_certbund - Published: 2025-07-30 22:00 - Updated: 2026-03-22 23:00

Summary

Apple Safari: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Safari ist der auf Apple Geräten eingesetzte Web Browser.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuführen, um einen Cross-Site Scripting Angriff durchzuführen, und um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX

CVE-2025-24188

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-31273

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-31277

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-31278

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-43211

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-43212

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-43213

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-43214

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-43216

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-43227

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-43228

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-43229

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-43240

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-43265

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-6558

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-7424

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

CVE-2025-7425

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <18.6 Apple / Safari		<18.6

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://support.apple.com/en-us/124152	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Safari ist der auf Apple Ger\u00e4ten eingesetzte Web Browser.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuf\u00fchren, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, und um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1683 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1683.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1683 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1683"
      },
      {
        "category": "external",
        "summary": "Apple Safari Security Updates vom 2025-07-30",
        "url": "https://support.apple.com/en-us/124152"
      },
      {
        "category": "external",
        "summary": "CISA Known Exploited Vulnerabilities Catalog vom 2026-03-22",
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple Safari: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-22T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-23T11:30:53.840+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-1683",
      "initial_release_date": "2025-07-30T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-30T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-22T23:00:00.000+00:00",
          "number": "2",
          "summary": "Aktive Ausnutzung gemeldet"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c18.6",
                "product": {
                  "name": "Apple Safari \u003c18.6",
                  "product_id": "T045768"
                }
              },
              {
                "category": "product_version",
                "name": "18.6",
                "product": {
                  "name": "Apple Safari 18.6",
                  "product_id": "T045768-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apple:safari:18.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Safari"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-24188",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-24188"
    },
    {
      "cve": "CVE-2025-31273",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-31273"
    },
    {
      "cve": "CVE-2025-31277",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-31277"
    },
    {
      "cve": "CVE-2025-31278",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-31278"
    },
    {
      "cve": "CVE-2025-43211",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-43211"
    },
    {
      "cve": "CVE-2025-43212",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-43212"
    },
    {
      "cve": "CVE-2025-43213",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-43213"
    },
    {
      "cve": "CVE-2025-43214",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-43214"
    },
    {
      "cve": "CVE-2025-43216",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-43216"
    },
    {
      "cve": "CVE-2025-43227",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-43227"
    },
    {
      "cve": "CVE-2025-43228",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-43228"
    },
    {
      "cve": "CVE-2025-43229",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-43229"
    },
    {
      "cve": "CVE-2025-43240",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-43240"
    },
    {
      "cve": "CVE-2025-43265",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-43265"
    },
    {
      "cve": "CVE-2025-6558",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-6558"
    },
    {
      "cve": "CVE-2025-7424",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-7424"
    },
    {
      "cve": "CVE-2025-7425",
      "product_status": {
        "known_affected": [
          "T045768"
        ]
      },
      "release_date": "2025-07-30T22:00:00.000+00:00",
      "title": "CVE-2025-7425"
    }
  ]
}

WID-SEC-W-2025-1703

Vulnerability from csaf_certbund - Published: 2025-08-03 22:00 - Updated: 2025-11-30 23:00

Summary

WebKitGTK: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: WebKitGTK ist ein Webbrowser. Dieser nutzt die WebKit-Engine, die auch von Safari und vielen anderen Apps auf macOS, iOS und Linux verwendet wird.

Angriff: Ein Angreifer kann mehrere Schwachstellen in WebKitGTK ausnutzen, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuführen, um einen Cross-Site Scripting Angriff durchzuführen, und um Sicherheitsvorkehrungen zu umgehen oder andere nicht spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2025-31273

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source WebKitGTK <2.48.0 Open Source / WebKitGTK		<2.48.0
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source WebKitGTK <2.48.5 Open Source / WebKitGTK		<2.48.5
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Dell NetWorker Runtime Environment <8.0.27 Dell / NetWorker		Runtime Environment <8.0.27
Dell NetWorker Runtime Environment <17.0.3 Dell / NetWorker		Runtime Environment <17.0.3

CVE-2025-31278

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source WebKitGTK <2.48.0 Open Source / WebKitGTK		<2.48.0
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source WebKitGTK <2.48.5 Open Source / WebKitGTK		<2.48.5
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Dell NetWorker Runtime Environment <8.0.27 Dell / NetWorker		Runtime Environment <8.0.27
Dell NetWorker Runtime Environment <17.0.3 Dell / NetWorker		Runtime Environment <17.0.3

CVE-2025-43211

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source WebKitGTK <2.48.0 Open Source / WebKitGTK		<2.48.0
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source WebKitGTK <2.48.5 Open Source / WebKitGTK		<2.48.5
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Dell NetWorker Runtime Environment <8.0.27 Dell / NetWorker		Runtime Environment <8.0.27
Dell NetWorker Runtime Environment <17.0.3 Dell / NetWorker		Runtime Environment <17.0.3

CVE-2025-43212

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source WebKitGTK <2.48.0 Open Source / WebKitGTK		<2.48.0
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source WebKitGTK <2.48.5 Open Source / WebKitGTK		<2.48.5
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Dell NetWorker Runtime Environment <8.0.27 Dell / NetWorker		Runtime Environment <8.0.27
Dell NetWorker Runtime Environment <17.0.3 Dell / NetWorker		Runtime Environment <17.0.3

CVE-2025-43216

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source WebKitGTK <2.48.0 Open Source / WebKitGTK		<2.48.0
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source WebKitGTK <2.48.5 Open Source / WebKitGTK		<2.48.5
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Dell NetWorker Runtime Environment <8.0.27 Dell / NetWorker		Runtime Environment <8.0.27
Dell NetWorker Runtime Environment <17.0.3 Dell / NetWorker		Runtime Environment <17.0.3

CVE-2025-43227

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source WebKitGTK <2.48.0 Open Source / WebKitGTK		<2.48.0
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source WebKitGTK <2.48.5 Open Source / WebKitGTK		<2.48.5
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Dell NetWorker Runtime Environment <8.0.27 Dell / NetWorker		Runtime Environment <8.0.27
Dell NetWorker Runtime Environment <17.0.3 Dell / NetWorker		Runtime Environment <17.0.3

CVE-2025-43228

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source WebKitGTK <2.48.0 Open Source / WebKitGTK		<2.48.0
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source WebKitGTK <2.48.5 Open Source / WebKitGTK		<2.48.5
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Dell NetWorker Runtime Environment <8.0.27 Dell / NetWorker		Runtime Environment <8.0.27
Dell NetWorker Runtime Environment <17.0.3 Dell / NetWorker		Runtime Environment <17.0.3

CVE-2025-43240

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source WebKitGTK <2.48.0 Open Source / WebKitGTK		<2.48.0
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source WebKitGTK <2.48.5 Open Source / WebKitGTK		<2.48.5
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Dell NetWorker Runtime Environment <8.0.27 Dell / NetWorker		Runtime Environment <8.0.27
Dell NetWorker Runtime Environment <17.0.3 Dell / NetWorker		Runtime Environment <17.0.3

CVE-2025-43265

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source WebKitGTK <2.48.0 Open Source / WebKitGTK		<2.48.0
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source WebKitGTK <2.48.5 Open Source / WebKitGTK		<2.48.5
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Dell NetWorker Runtime Environment <8.0.27 Dell / NetWorker		Runtime Environment <8.0.27
Dell NetWorker Runtime Environment <17.0.3 Dell / NetWorker		Runtime Environment <17.0.3

CVE-2025-6558

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source WebKitGTK <2.48.0 Open Source / WebKitGTK		<2.48.0
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source WebKitGTK <2.48.5 Open Source / WebKitGTK		<2.48.5
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Dell NetWorker Runtime Environment <8.0.27 Dell / NetWorker		Runtime Environment <8.0.27
Dell NetWorker Runtime Environment <17.0.3 Dell / NetWorker		Runtime Environment <17.0.3

CVE-2025-24189

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source WebKitGTK <2.48.0 Open Source / WebKitGTK		<2.48.0
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Dell NetWorker Runtime Environment <8.0.27 Dell / NetWorker		Runtime Environment <8.0.27
Dell NetWorker Runtime Environment <17.0.3 Dell / NetWorker		Runtime Environment <17.0.3

References

30 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://webkitgtk.org/security/WSA-2025-0005.html	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://kb.igel.com/en/security-safety/current/is…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://linux.oracle.com/errata/ELSA-2025-13780.html	external
https://access.redhat.com/errata/RHSA-2025:13782	external
https://access.redhat.com/errata/RHSA-2025:13780	external
https://linux.oracle.com/errata/ELSA-2025-13782.html	external
https://lists.debian.org/debian-security-announce…	external
https://alas.aws.amazon.com/AL2/ALAS2-2025-2970.html	external
https://ubuntu.com/security/notices/USN-7702-1	external
https://lists.debian.org/debian-lts-announce/2025…	external
https://access.redhat.com/errata/RHSA-2025:14432	external
https://access.redhat.com/errata/RHSA-2025:14434	external
https://access.redhat.com/errata/RHSA-2025:14433	external
https://access.redhat.com/errata/RHSA-2025:14423	external
https://access.redhat.com/errata/RHSA-2025:14422	external
https://access.redhat.com/errata/RHSA-2025:14421	external
https://access.redhat.com/errata/RHSA-2025:14486	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://errata.build.resf.org/RLSA-2025:13780	external
https://access.redhat.com/errata/RHSA-2025:15729	external
https://security.gentoo.org/glsa/202511-02	external
https://www.dell.com/support/kbdoc/de-de/00039745…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "WebKitGTK ist ein Webbrowser. Dieser nutzt die WebKit-Engine, die auch von Safari und vielen anderen Apps auf macOS, iOS und Linux verwendet wird.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in WebKitGTK ausnutzen, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuf\u00fchren, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, und um Sicherheitsvorkehrungen zu umgehen oder andere nicht spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1703 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1703.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1703 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1703"
      },
      {
        "category": "external",
        "summary": "WebKit Security Advisory vom 2025-08-03",
        "url": "https://webkitgtk.org/security/WSA-2025-0005.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-61CA72F430 vom 2025-08-06",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-61ca72f430"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-9B8165A4B3 vom 2025-08-06",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-9b8165a4b3"
      },
      {
        "category": "external",
        "summary": "IGEL Security Notice ISN-2025-32 vom 2025-08-12",
        "url": "https://kb.igel.com/en/security-safety/current/isn-2025-32-webkit-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02766-1 vom 2025-08-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022141.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02765-1 vom 2025-08-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022142.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02777-1 vom 2025-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022150.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-13780 vom 2025-08-14",
        "url": "https://linux.oracle.com/errata/ELSA-2025-13780.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:13782 vom 2025-08-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:13782"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:13780 vom 2025-08-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:13780"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-13782 vom 2025-08-14",
        "url": "https://linux.oracle.com/errata/ELSA-2025-13782.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5978 vom 2025-08-18",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00142.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-2970 vom 2025-08-19",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-2970.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7702-1 vom 2025-08-19",
        "url": "https://ubuntu.com/security/notices/USN-7702-1"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4276 vom 2025-08-20",
        "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:14432 vom 2025-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2025:14432"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:14434 vom 2025-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2025:14434"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:14433 vom 2025-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2025:14433"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:14423 vom 2025-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2025:14423"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:14422 vom 2025-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2025:14422"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:14421 vom 2025-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2025:14421"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:14486 vom 2025-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2025:14486"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02973-1 vom 2025-08-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022263.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2025-BFA97EDD0C vom 2025-09-06",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-bfa97edd0c"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2025:13780 vom 2025-09-08",
        "url": "https://errata.build.resf.org/RLSA-2025:13780"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:15729 vom 2025-09-15",
        "url": "https://access.redhat.com/errata/RHSA-2025:15729"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202511-02 vom 2025-11-25",
        "url": "https://security.gentoo.org/glsa/202511-02"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-438 vom 2025-12-01",
        "url": "https://www.dell.com/support/kbdoc/de-de/000397455/dsa-2025-438-security-update-for-dell-networker-runtime-environment-multiple-third-party-component-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "WebKitGTK: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-30T23:00:00.000+00:00",
      "generator": {
        "date": "2025-12-01T09:42:17.941+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-1703",
      "initial_release_date": "2025-08-03T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-08-03T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-08-06T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2025-08-12T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IGEL und SUSE aufgenommen"
        },
        {
          "date": "2025-08-13T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2025-08-18T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-08-19T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Amazon und Ubuntu aufgenommen"
        },
        {
          "date": "2025-08-24T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-08-25T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-09-07T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2025-09-08T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2025-09-14T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-11-24T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2025-11-30T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "13"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Runtime Environment \u003c17.0.3",
                "product": {
                  "name": "Dell NetWorker Runtime Environment \u003c17.0.3",
                  "product_id": "T048963"
                }
              },
              {
                "category": "product_version",
                "name": "Runtime Environment 17.0.3",
                "product": {
                  "name": "Dell NetWorker Runtime Environment 17.0.3",
                  "product_id": "T048963-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:runtime_environment__17.0.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Runtime Environment \u003c8.0.27",
                "product": {
                  "name": "Dell NetWorker Runtime Environment \u003c8.0.27",
                  "product_id": "T048964"
                }
              },
              {
                "category": "product_version",
                "name": "Runtime Environment 8.0.27",
                "product": {
                  "name": "Dell NetWorker Runtime Environment 8.0.27",
                  "product_id": "T048964-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:runtime_environment__8.0.27"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IGEL OS",
            "product": {
              "name": "IGEL OS",
              "product_id": "T017865",
              "product_identification_helper": {
                "cpe": "cpe:/o:igel:os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IGEL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.48.5",
                "product": {
                  "name": "Open Source WebKitGTK \u003c2.48.5",
                  "product_id": "T045848"
                }
              },
              {
                "category": "product_version",
                "name": "2.48.5",
                "product": {
                  "name": "Open Source WebKitGTK 2.48.5",
                  "product_id": "T045848-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:webkitgtk:webkitgtk:2.48.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.48.0",
                "product": {
                  "name": "Open Source WebKitGTK \u003c2.48.0",
                  "product_id": "T045849"
                }
              },
              {
                "category": "product_version",
                "name": "2.48.0",
                "product": {
                  "name": "Open Source WebKitGTK 2.48.0",
                  "product_id": "T045849-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:webkitgtk:webkitgtk:2.48.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebKitGTK"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31273",
      "product_status": {
        "known_affected": [
          "67646",
          "T045849",
          "T012167",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T017865",
          "T000126",
          "T045848",
          "398363",
          "T048964",
          "T048963"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-31273"
    },
    {
      "cve": "CVE-2025-31278",
      "product_status": {
        "known_affected": [
          "67646",
          "T045849",
          "T012167",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T017865",
          "T000126",
          "T045848",
          "398363",
          "T048964",
          "T048963"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-31278"
    },
    {
      "cve": "CVE-2025-43211",
      "product_status": {
        "known_affected": [
          "67646",
          "T045849",
          "T012167",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T017865",
          "T000126",
          "T045848",
          "398363",
          "T048964",
          "T048963"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-43211"
    },
    {
      "cve": "CVE-2025-43212",
      "product_status": {
        "known_affected": [
          "67646",
          "T045849",
          "T012167",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T017865",
          "T000126",
          "T045848",
          "398363",
          "T048964",
          "T048963"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-43212"
    },
    {
      "cve": "CVE-2025-43216",
      "product_status": {
        "known_affected": [
          "67646",
          "T045849",
          "T012167",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T017865",
          "T000126",
          "T045848",
          "398363",
          "T048964",
          "T048963"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-43216"
    },
    {
      "cve": "CVE-2025-43227",
      "product_status": {
        "known_affected": [
          "67646",
          "T045849",
          "T012167",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T017865",
          "T000126",
          "T045848",
          "398363",
          "T048964",
          "T048963"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-43227"
    },
    {
      "cve": "CVE-2025-43228",
      "product_status": {
        "known_affected": [
          "67646",
          "T045849",
          "T012167",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T017865",
          "T000126",
          "T045848",
          "398363",
          "T048964",
          "T048963"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-43228"
    },
    {
      "cve": "CVE-2025-43240",
      "product_status": {
        "known_affected": [
          "67646",
          "T045849",
          "T012167",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T017865",
          "T000126",
          "T045848",
          "398363",
          "T048964",
          "T048963"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-43240"
    },
    {
      "cve": "CVE-2025-43265",
      "product_status": {
        "known_affected": [
          "67646",
          "T045849",
          "T012167",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T017865",
          "T000126",
          "T045848",
          "398363",
          "T048964",
          "T048963"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-43265"
    },
    {
      "cve": "CVE-2025-6558",
      "product_status": {
        "known_affected": [
          "67646",
          "T045849",
          "T012167",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T017865",
          "T000126",
          "T045848",
          "398363",
          "T048964",
          "T048963"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-6558"
    },
    {
      "cve": "CVE-2025-24189",
      "product_status": {
        "known_affected": [
          "67646",
          "T045849",
          "T012167",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T017865",
          "T000126",
          "398363",
          "T048964",
          "T048963"
        ]
      },
      "release_date": "2025-08-03T22:00:00.000+00:00",
      "title": "CVE-2025-24189"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-31278 (GCVE-0-2025-31278)

WID-SEC-W-2025-1683

WID-SEC-W-2025-1703

Tags

Sightings

Nomenclature