planet.webkitgtk.org
webkit.org
GNOME.org
WebKitGTK

WebKitGTK and WPE WebKit Security Advisory WSA-2025-0008

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

  • CVE-2023-43000
    • Versions affected: WebKitGTK and WPE WebKit before 2.42.0.
    • Credit to Apple.
    • Impact: Processing maliciously crafted web content may lead to memory corruption. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 255951
  • CVE-2025-43392
    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to Tom Van Goethem.
    • Impact: A website may exfiltrate image data cross-origin. Description: The issue was addressed with improved handling of caches.
    • WebKit Bugzilla: 297566
  • CVE-2025-43419
    • Versions affected: WebKitGTK and WPE WebKit before 2.50.0.
    • Credit to Ignacio Sanmillan (@ulexec).
    • Impact: Processing maliciously crafted web content may lead to memory corruption. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 293895
  • CVE-2025-43425
    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to an anonymous researcher.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 298851
  • CVE-2025-43427
    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to Gary Kwong, rheza (@ginggilBesel).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed through improved state management.
    • WebKit Bugzilla: 298628
  • CVE-2025-43429
    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to Google Big Sleep.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A buffer overflow was addressed with improved bounds checking.
    • WebKit Bugzilla: 298232
  • CVE-2025-43430
    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to Google Big Sleep.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed through improved state management.
    • WebKit Bugzilla: 298196
  • CVE-2025-43431
    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to Google Big Sleep.
    • Impact: Processing maliciously crafted web content may lead to memory corruption. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 298194
  • CVE-2025-43432
    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 299313
  • CVE-2025-43434
    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to Google Big Sleep.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 297958
  • CVE-2025-43440
    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to Nan Wang (@eternalsakura13).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed with improved checks.
    • WebKit Bugzilla: 298126
  • CVE-2025-43443
    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to an anonymous researcher.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed with improved checks.
    • WebKit Bugzilla: 299843
  • CVE-2025-43480
    • Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
    • Credit to Aleksejs Popovs.
    • Impact: A malicious website may exfiltrate data cross-origin. Description: The issue was addressed with improved checks.
    • WebKit Bugzilla: 276208

We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories can be found at: webkitgtk.org/security.html or wpewebkit.org/security.

Latest News
Security Advisories
Releases
Documentation
Contact
Contribute