Vulnerability-Lookup

CVE-2025-43443 (GCVE-0-2025-43443)

Vulnerability from cvelistv5 – Published: 2025-11-04 01:16 – Updated: 2026-04-02 18:16

Summary

This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Processing maliciously crafted web content may lead to an unexpected process crash
CWE-noinfo Not enough information

Assigner

apple

References

7 references

URL	Tags
https://support.apple.com/en-us/125632
https://support.apple.com/en-us/125633
https://support.apple.com/en-us/125634
https://support.apple.com/en-us/125637
https://support.apple.com/en-us/125638
https://support.apple.com/en-us/125639
https://support.apple.com/en-us/125640

Impacted products

6 products

Vendor	Product	Version
Apple	Safari	Affected: 0 , < 26.1 (custom)
Apple	iOS and iPadOS	Affected: 0 , < 18.7.2 (custom) Affected: 0 , < 26.1 (custom)
Apple	macOS	Affected: 0 , < 26.1 (custom)
Apple	tvOS	Affected: 0 , < 26.1 (custom)
Apple	visionOS	Affected: 0 , < 26.1 (custom)
Apple	watchOS	Affected: 0 , < 26.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-43443",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-04T15:33:25.923119Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:53:36.541Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "26.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to an unexpected process crash",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:16:31.493Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/125632"
        },
        {
          "url": "https://support.apple.com/en-us/125633"
        },
        {
          "url": "https://support.apple.com/en-us/125634"
        },
        {
          "url": "https://support.apple.com/en-us/125637"
        },
        {
          "url": "https://support.apple.com/en-us/125638"
        },
        {
          "url": "https://support.apple.com/en-us/125639"
        },
        {
          "url": "https://support.apple.com/en-us/125640"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2025-43443",
    "datePublished": "2025-11-04T01:16:30.980Z",
    "dateReserved": "2025-04-16T15:24:37.125Z",
    "dateUpdated": "2026-04-02T18:16:31.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-43443",
      "date": "2026-06-19",
      "epss": "0.00622",
      "percentile": "0.45052"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-43443\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2025-11-04T02:15:50.057\",\"lastModified\":\"2026-04-02T19:20:47.780\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.1\",\"matchCriteriaId\":\"CFF118CE-3F13-43BE-B250-5579E1C842EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.1\",\"matchCriteriaId\":\"6D51AEDC-9086-4010-B3BF-C652D65D09C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.1\",\"matchCriteriaId\":\"3981A7BE-BC98-4C6F-AE38-D68839368925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.1\",\"matchCriteriaId\":\"290E0D29-CB5B-45A7-9FE3-FD2030B1D1A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.1\",\"matchCriteriaId\":\"7DFD3616-65CA-4E5C-849C-3C20ACBCB610\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.1\",\"matchCriteriaId\":\"9F9D7F76-13FB-407C-94E5-221B93021568\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/125632\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/125633\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/125634\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/125637\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/125638\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/125639\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/125640\",\"source\":\"product-security@apple.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-43443\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-04T15:33:25.923119Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-04T15:33:39.966Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"18.7.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"visionOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"26.1\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/125632\"}, {\"url\": \"https://support.apple.com/en-us/125633\"}, {\"url\": \"https://support.apple.com/en-us/125634\"}, {\"url\": \"https://support.apple.com/en-us/125637\"}, {\"url\": \"https://support.apple.com/en-us/125638\"}, {\"url\": \"https://support.apple.com/en-us/125639\"}, {\"url\": \"https://support.apple.com/en-us/125640\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Processing maliciously crafted web content may lead to an unexpected process crash\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2026-04-02T18:16:31.493Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-43443\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-02T18:16:31.493Z\", \"dateReserved\": \"2025-04-16T15:24:37.125Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2025-11-04T01:16:30.980Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2025-2480

Vulnerability from csaf_certbund - Published: 2025-11-03 23:00 - Updated: 2025-11-13 23:00

Summary

Apple Safari: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Safari ist der auf Apple Geräten eingesetzte Web Browser.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um Spoofing-Angriffe durchzuführen, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und Speicherbeschädigungen durchzuführen, was möglicherweise zur Ausführung von beliebigem Code führen kann.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX

CVE-2025-43392

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43421

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43425

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43427

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43429

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43430

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43431

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43432

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43433

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43434

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43435

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43438

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43440

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43441

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43443

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43457

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43458

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43480

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43493

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43502

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

CVE-2025-43503

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Apple Safari <26.1 Apple / Safari		<26.1

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://support.apple.com/en-us/125640	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Safari ist der auf Apple Ger\u00e4ten eingesetzte Web Browser.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um Spoofing-Angriffe durchzuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und Speicherbesch\u00e4digungen durchzuf\u00fchren, was m\u00f6glicherweise zur Ausf\u00fchrung von beliebigem Code f\u00fchren kann.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2480 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2480.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2480 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2480"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory 125640 vom 2025-11-03",
        "url": "https://support.apple.com/en-us/125640"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple Safari: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-13T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-14T08:02:23.265+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-2480",
      "initial_release_date": "2025-11-03T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-11-03T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-11-04T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-37679, EUVD-2025-37689"
        },
        {
          "date": "2025-11-13T23:00:00.000+00:00",
          "number": "3",
          "summary": "Referenz(en) aufgenommen: ZDI-25-1007, ZDI-CAN-27825, ZDI-25-1010, ZDI-CAN-27991, ZDI-25-1011, ZDI-CAN-28039"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c26.1",
                "product": {
                  "name": "Apple Safari \u003c26.1",
                  "product_id": "T048285"
                }
              },
              {
                "category": "product_version",
                "name": "26.1",
                "product": {
                  "name": "Apple Safari 26.1",
                  "product_id": "T048285-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apple:safari:26.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Safari"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-43392",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43392"
    },
    {
      "cve": "CVE-2025-43421",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43421"
    },
    {
      "cve": "CVE-2025-43425",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43425"
    },
    {
      "cve": "CVE-2025-43427",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43427"
    },
    {
      "cve": "CVE-2025-43429",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43429"
    },
    {
      "cve": "CVE-2025-43430",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43430"
    },
    {
      "cve": "CVE-2025-43431",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43431"
    },
    {
      "cve": "CVE-2025-43432",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43432"
    },
    {
      "cve": "CVE-2025-43433",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43433"
    },
    {
      "cve": "CVE-2025-43434",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43434"
    },
    {
      "cve": "CVE-2025-43435",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43435"
    },
    {
      "cve": "CVE-2025-43438",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43438"
    },
    {
      "cve": "CVE-2025-43440",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43440"
    },
    {
      "cve": "CVE-2025-43441",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43441"
    },
    {
      "cve": "CVE-2025-43443",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43443"
    },
    {
      "cve": "CVE-2025-43457",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43457"
    },
    {
      "cve": "CVE-2025-43458",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43458"
    },
    {
      "cve": "CVE-2025-43480",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43480"
    },
    {
      "cve": "CVE-2025-43493",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43493"
    },
    {
      "cve": "CVE-2025-43502",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43502"
    },
    {
      "cve": "CVE-2025-43503",
      "product_status": {
        "known_affected": [
          "T048285"
        ]
      },
      "release_date": "2025-11-03T23:00:00.000+00:00",
      "title": "CVE-2025-43503"
    }
  ]
}

WID-SEC-W-2025-2657

Vulnerability from csaf_certbund - Published: 2025-11-20 23:00 - Updated: 2026-03-30 22:00

Summary

WebKitGTK: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: WebKitGTK ist ein Webbrowser. Dieser nutzt die WebKit-Engine, die auch von Safari und vielen anderen Apps auf macOS, iOS und Linux verwendet wird.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in WebKitGTK ausnutzen, um Memory Corruption, Prozessabstürze (DoS) oder Cross-Origin-Datenexfiltration zu verursachen oder potentiell Code auszuführen.

Betroffene Betriebssysteme: - iPhoneOS - MacOS X

CVE-2023-43000

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source WebKitGTK <2.51.2 Open Source / WebKitGTK		<2.51.2
Open Source WebKitGTK <2.50.2 Open Source / WebKitGTK		<2.50.2
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2025-43392

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source WebKitGTK <2.51.2 Open Source / WebKitGTK		<2.51.2
Open Source WebKitGTK <2.50.2 Open Source / WebKitGTK		<2.50.2
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2025-43419

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source WebKitGTK <2.51.2 Open Source / WebKitGTK		<2.51.2
Open Source WebKitGTK <2.50.2 Open Source / WebKitGTK		<2.50.2
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2025-43425

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source WebKitGTK <2.51.2 Open Source / WebKitGTK		<2.51.2
Open Source WebKitGTK <2.50.2 Open Source / WebKitGTK		<2.50.2
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2025-43427

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source WebKitGTK <2.51.2 Open Source / WebKitGTK		<2.51.2
Open Source WebKitGTK <2.50.2 Open Source / WebKitGTK		<2.50.2
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2025-43429

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source WebKitGTK <2.51.2 Open Source / WebKitGTK		<2.51.2
Open Source WebKitGTK <2.50.2 Open Source / WebKitGTK		<2.50.2
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2025-43430

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source WebKitGTK <2.51.2 Open Source / WebKitGTK		<2.51.2
Open Source WebKitGTK <2.50.2 Open Source / WebKitGTK		<2.50.2
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2025-43431

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source WebKitGTK <2.51.2 Open Source / WebKitGTK		<2.51.2
Open Source WebKitGTK <2.50.2 Open Source / WebKitGTK		<2.50.2
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2025-43432

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source WebKitGTK <2.51.2 Open Source / WebKitGTK		<2.51.2
Open Source WebKitGTK <2.50.2 Open Source / WebKitGTK		<2.50.2
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2025-43434

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source WebKitGTK <2.51.2 Open Source / WebKitGTK		<2.51.2
Open Source WebKitGTK <2.50.2 Open Source / WebKitGTK		<2.50.2
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2025-43440

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source WebKitGTK <2.51.2 Open Source / WebKitGTK		<2.51.2
Open Source WebKitGTK <2.50.2 Open Source / WebKitGTK		<2.50.2
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2025-43443

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source WebKitGTK <2.51.2 Open Source / WebKitGTK		<2.51.2
Open Source WebKitGTK <2.50.2 Open Source / WebKitGTK		<2.50.2
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2025-43480

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source WebKitGTK <2.51.2 Open Source / WebKitGTK		<2.51.2
Open Source WebKitGTK <2.50.2 Open Source / WebKitGTK		<2.50.2
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

30 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://webkitgtk.org/security/WSA-2025-0008.html	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://lists.debian.org/debian-lts-announce/2025…	external
https://lists.debian.org/debian-security-announce…	external
https://access.redhat.com/errata/RHSA-2025:22790	external
https://access.redhat.com/errata/RHSA-2025:22789	external
http://linux.oracle.com/errata/ELSA-2025-22790.html	external
https://ubuntu.com/security/notices/USN-7914-1	external
http://linux.oracle.com/errata/ELSA-2025-22789.html	external
https://errata.build.resf.org/RLSA-2025:22790	external
https://errata.build.resf.org/RLSA-2025:22789	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2025:23451	external
https://access.redhat.com/errata/RHSA-2025:23434	external
https://access.redhat.com/errata/RHSA-2025:23433	external
https://access.redhat.com/errata/RHSA-2025:23452	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2025:23591	external
https://access.redhat.com/errata/RHSA-2025:23583	external
https://access.redhat.com/errata/RHSA-2025:23742	external
https://access.redhat.com/errata/RHSA-2025:23743	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://alas.aws.amazon.com/AL2/ALAS2-2025-3114.html	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "WebKitGTK ist ein Webbrowser. Dieser nutzt die WebKit-Engine, die auch von Safari und vielen anderen Apps auf macOS, iOS und Linux verwendet wird.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in WebKitGTK ausnutzen, um Memory Corruption, Prozessabst\u00fcrze (DoS) oder Cross-Origin-Datenexfiltration zu verursachen oder potentiell Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- iPhoneOS\n- MacOS X",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2657 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2657.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2657 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2657"
      },
      {
        "category": "external",
        "summary": "WebKitGTK and WPE WebKit Security Advisory vom 2025-11-20",
        "url": "https://webkitgtk.org/security/WSA-2025-0008.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-6F3E9E3AF6 vom 2025-11-23",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-6f3e9e3af6"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4394 vom 2025-12-04",
        "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00005.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6070 vom 2025-12-04",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00236.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:22790 vom 2025-12-08",
        "url": "https://access.redhat.com/errata/RHSA-2025:22790"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:22789 vom 2025-12-08",
        "url": "https://access.redhat.com/errata/RHSA-2025:22789"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-22790 vom 2025-12-09",
        "url": "http://linux.oracle.com/errata/ELSA-2025-22790.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7914-1 vom 2025-12-08",
        "url": "https://ubuntu.com/security/notices/USN-7914-1"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-22789 vom 2025-12-09",
        "url": "http://linux.oracle.com/errata/ELSA-2025-22789.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2025:22790 vom 2025-12-09",
        "url": "https://errata.build.resf.org/RLSA-2025:22790"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2025:22789 vom 2025-12-09",
        "url": "https://errata.build.resf.org/RLSA-2025:22789"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4416-1 vom 2025-12-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023564.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:23451 vom 2025-12-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:23451"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:23434 vom 2025-12-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:23434"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:23433 vom 2025-12-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:23433"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:23452 vom 2025-12-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:23452"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4423-1 vom 2025-12-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023572.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:23591 vom 2025-12-18",
        "url": "https://access.redhat.com/errata/RHSA-2025:23591"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:23583 vom 2025-12-18",
        "url": "https://access.redhat.com/errata/RHSA-2025:23583"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:23742 vom 2025-12-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:23742"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:23743 vom 2025-12-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:23743"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0021-1 vom 2026-01-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023667.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-3114 vom 2026-01-05",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3114.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20065-1 vom 2026-01-21",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ULXFWAFLRDFOQMJN6XHGEUVRUWFAEJJC/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20102-1 vom 2026-01-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023882.html"
      },
      {
        "category": "external",
        "summary": "CISA KEV CVE-2023-43000 vom 2026-03-06",
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1139-1 vom 2026-03-31",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025063.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1150-1 vom 2026-03-31",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025065.html"
      }
    ],
    "source_lang": "en-US",
    "title": "WebKitGTK: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-30T22:00:00.000+00:00",
      "generator": {
        "date": "2026-03-31T09:59:31.499+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2657",
      "initial_release_date": "2025-11-20T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-11-20T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-11-23T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2025-12-03T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-12-07T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-12-08T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Oracle Linux und Ubuntu aufgenommen"
        },
        {
          "date": "2025-12-16T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE und Red Hat aufgenommen"
        },
        {
          "date": "2025-12-17T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2025-12-21T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-01-05T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE und Amazon aufgenommen"
        },
        {
          "date": "2026-01-21T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-01-22T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-03-05T23:00:00.000+00:00",
          "number": "12",
          "summary": "Exploit CVE-2023-43000"
        },
        {
          "date": "2026-03-30T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "13"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.50.2",
                "product": {
                  "name": "Open Source WebKitGTK \u003c2.50.2",
                  "product_id": "T048823"
                }
              },
              {
                "category": "product_version",
                "name": "2.50.2",
                "product": {
                  "name": "Open Source WebKitGTK 2.50.2",
                  "product_id": "T048823-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:webkitgtk:webkitgtk:2.50.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.51.2",
                "product": {
                  "name": "Open Source WebKitGTK \u003c2.51.2",
                  "product_id": "T048825"
                }
              },
              {
                "category": "product_version",
                "name": "2.51.2",
                "product": {
                  "name": "Open Source WebKitGTK 2.51.2",
                  "product_id": "T048825-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:webkitgtk:webkitgtk:2.51.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebKitGTK"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-43000",
      "product_status": {
        "known_affected": [
          "T048825",
          "T048823",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2025-11-20T23:00:00.000+00:00",
      "title": "CVE-2023-43000"
    },
    {
      "cve": "CVE-2025-43392",
      "product_status": {
        "known_affected": [
          "T048825",
          "T048823",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2025-11-20T23:00:00.000+00:00",
      "title": "CVE-2025-43392"
    },
    {
      "cve": "CVE-2025-43419",
      "product_status": {
        "known_affected": [
          "T048825",
          "T048823",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2025-11-20T23:00:00.000+00:00",
      "title": "CVE-2025-43419"
    },
    {
      "cve": "CVE-2025-43425",
      "product_status": {
        "known_affected": [
          "T048825",
          "T048823",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2025-11-20T23:00:00.000+00:00",
      "title": "CVE-2025-43425"
    },
    {
      "cve": "CVE-2025-43427",
      "product_status": {
        "known_affected": [
          "T048825",
          "T048823",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2025-11-20T23:00:00.000+00:00",
      "title": "CVE-2025-43427"
    },
    {
      "cve": "CVE-2025-43429",
      "product_status": {
        "known_affected": [
          "T048825",
          "T048823",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2025-11-20T23:00:00.000+00:00",
      "title": "CVE-2025-43429"
    },
    {
      "cve": "CVE-2025-43430",
      "product_status": {
        "known_affected": [
          "T048825",
          "T048823",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2025-11-20T23:00:00.000+00:00",
      "title": "CVE-2025-43430"
    },
    {
      "cve": "CVE-2025-43431",
      "product_status": {
        "known_affected": [
          "T048825",
          "T048823",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2025-11-20T23:00:00.000+00:00",
      "title": "CVE-2025-43431"
    },
    {
      "cve": "CVE-2025-43432",
      "product_status": {
        "known_affected": [
          "T048825",
          "T048823",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2025-11-20T23:00:00.000+00:00",
      "title": "CVE-2025-43432"
    },
    {
      "cve": "CVE-2025-43434",
      "product_status": {
        "known_affected": [
          "T048825",
          "T048823",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2025-11-20T23:00:00.000+00:00",
      "title": "CVE-2025-43434"
    },
    {
      "cve": "CVE-2025-43440",
      "product_status": {
        "known_affected": [
          "T048825",
          "T048823",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2025-11-20T23:00:00.000+00:00",
      "title": "CVE-2025-43440"
    },
    {
      "cve": "CVE-2025-43443",
      "product_status": {
        "known_affected": [
          "T048825",
          "T048823",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2025-11-20T23:00:00.000+00:00",
      "title": "CVE-2025-43443"
    },
    {
      "cve": "CVE-2025-43480",
      "product_status": {
        "known_affected": [
          "T048825",
          "T048823",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2025-11-20T23:00:00.000+00:00",
      "title": "CVE-2025-43480"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-43443 (GCVE-0-2025-43443)

WID-SEC-W-2025-2480

WID-SEC-W-2025-2657

Tags

Sightings

Nomenclature