A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0007.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
The WebKitGTK Team WebKitGTK unaffected
Version Status Constraints
0 affected < 2.50.3
Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support affected
Version Status Constraints
0:2.50.3-2.el7_9 unaffected < *
Red Hat Red Hat Enterprise Linux 8 affected
Version Status Constraints
0:2.50.3-1.el8_10 unaffected < *
Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support affected
Version Status Constraints
0:2.50.3-2.el8_2 unaffected < *
Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support affected
Version Status Constraints
0:2.50.3-2.el8_4 unaffected < *
Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On affected
Version Status Constraints
0:2.50.3-2.el8_4 unaffected < *
Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support affected
Version Status Constraints
0:2.50.3-2.el8_6 unaffected < *
Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service affected
Version Status Constraints
0:2.50.3-2.el8_6 unaffected < *
Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions affected
Version Status Constraints
0:2.50.3-2.el8_6 unaffected < *
Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service affected
Version Status Constraints
0:2.50.3-2.el8_8 unaffected < *
Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions affected
Version Status Constraints
0:2.50.3-2.el8_8 unaffected < *
Red Hat Red Hat Enterprise Linux 9 affected
Version Status Constraints
0:2.50.3-1.el9_7 unaffected < *
Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions affected
Version Status Constraints
0:2.50.3-1.el9_0 unaffected < *
Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions affected
Version Status Constraints
0:2.50.3-1.el9_2 unaffected < *
Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support affected
Version Status Constraints
0:2.50.3-1.el9_4 unaffected < *
Red Hat Red Hat Enterprise Linux 9.6 Extended Update Support affected
Version Status Constraints
0:2.50.3-1.el9_6 unaffected < *
Red Hat Red Hat Enterprise Linux 6 unknown
Red Hat Red Hat Enterprise Linux 7 affected

No data.

No data.

No data.

Project Subscriptions

Vendors Products
Redhat Subscribe
Enterprise Linux Subscribe
Rhel Aus Subscribe
Rhel E4s Subscribe
Rhel Els Subscribe
Rhel Eus Subscribe
Rhel Eus Long Life Subscribe
Rhel Tus Subscribe
Advisories
Source ID Title
Debian DLA Debian DLA DLA-4399-1 webkit2gtk security update
Debian DSA Debian DSA DSA-6074-1 webkit2gtk security update
Ubuntu USN Ubuntu USN USN-7941-1 WebKitGTK vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

References
Link Providers
https://access.redhat.com/errata/RHSA-2025:22789 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22790 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23110 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23433 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23434 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23451 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23452 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23583 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23591 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23742 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23743 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-66287 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2418857 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-66287 cve-icon
https://webkitgtk.org/security/WSA-2025-0009.html cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-66287 cve-icon
History

Mon, 22 Dec 2025 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
Vendors & Products Redhat rhel Tus
References

Thu, 18 Dec 2025 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
References

Thu, 18 Dec 2025 09:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
References

Wed, 17 Dec 2025 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/a:redhat:rhel_e4s:9.0::appstream
References

Wed, 17 Dec 2025 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
Vendors & Products Redhat rhel E4s
References

Wed, 17 Dec 2025 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Eus Long Life
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Vendors & Products Redhat rhel Aus
Redhat rhel Eus Long Life
References

Thu, 11 Dec 2025 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.6::appstream
Vendors & Products Redhat rhel Eus
References

Mon, 08 Dec 2025 07:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
References

Mon, 08 Dec 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
References

Fri, 05 Dec 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 04 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 04 Dec 2025 17:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
Title Webkitgtk: processing maliciously crafted web content may lead to an unexpected process crash
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-120
CPEs cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-12-22T20:49:59.056Z

Reserved: 2025-11-26T19:02:26.116Z

Link: CVE-2025-66287

cve-icon Vulnrichment

Updated: 2025-12-04T20:55:31.366Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-12-04T17:15:56.647

Modified: 2025-12-22T07:16:07.313

Link: CVE-2025-66287

cve-icon Redhat

Severity : Important

Publid Date: 2025-12-04T00:00:00Z

Links: CVE-2025-66287 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses