CVE-2025-13502
📋 TL;DR
This vulnerability in WebKitGTK and WPE WebKit allows remote attackers to cause a denial-of-service (DoS) by crashing the UIProcess through a crafted payload sent to the GLib remote inspector server. It affects systems using these web engines, particularly those with the remote inspector enabled. The flaw involves an out-of-bounds read and integer underflow (CWE-125).
💻 Affected Systems
- WebKitGTK
- WPE WebKit
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete UIProcess crash leading to denial-of-service, potentially disrupting web applications or services relying on WebKitGTK/WPE WebKit.
Likely Case
DoS attack causing application crashes and service disruption for affected web applications.
If Mitigated
Minimal impact if remote inspector is disabled or systems are patched; crashes would be contained to affected processes.
🎯 Exploit Status
Exploitation requires crafting a specific payload to trigger the out-of-bounds read and integer underflow; no public exploit code is known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Red Hat advisories (e.g., RHSA-2025:22789, RHSA-2025:22790) for specific patched versions.
Vendor Advisory: https://access.redhat.com/errata/RHSA-2025:22789
Restart Required: Yes
Instructions:
1. Update WebKitGTK or WPE WebKit packages using your distribution's package manager.
2. For Red Hat systems, apply the relevant errata via 'yum update' or 'dnf update'.
3. Restart affected services or applications using WebKit.
🔧 Temporary Workarounds
Disable GLib Remote Inspector
Disable the GLib remote inspector server to prevent exploitation via network payloads.
Configure environment variable: export WEBKIT_INSPECTOR_SERVER=0
Or disable in application configuration if supported.
🧯 If You Can't Patch
- Disable or restrict network access to the GLib remote inspector server (e.g., firewall rules).
- Monitor for crash logs or unusual activity in WebKit processes and restart services if needed.
🔍 How to Verify
Check if Vulnerable:
Check installed WebKitGTK or WPE WebKit version against patched versions in Red Hat advisories.
Check Version:
On Linux: run rpm -q webkit2gtk3 (or the equivalent package name for your distribution).
Verify Fix Applied:
Verify package version after update matches patched version from vendor advisory.
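The version check and the inspector workaround above can be scripted together. The following is an added example, not part of this advisory or of the WebKit project: it compares the installed RPM against a patched version you supply from the applicable RHSA (PATCHED_VERSION is a placeholder, left empty by default) and lists running processes whose environment exports WEBKIT_INSPECTOR_SERVER, which is the variable the workaround targets. The package name defaults to webkit2gtk3 as quoted above; adjust PKG for other distributions.

```shell
#!/bin/sh
# Added example, not part of the advisory: check the installed WebKitGTK package
# against a patched version and look for processes that export
# WEBKIT_INSPECTOR_SERVER (the variable the workaround above targets).
# PATCHED_VERSION is a placeholder; take the real value from the RHSA that
# applies to your release. PKG defaults to the RHEL package name quoted above.

PKG="${PKG:-webkit2gtk3}"
PATCHED_VERSION="${PATCHED_VERSION:-}"

# version_lt A B: succeed when version-release A sorts strictly before B
# by natural version order (GNU sort -V handles 2.44.0-1.el9 style strings).
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# installed_version PKG: print VERSION-RELEASE of an installed RPM, or nothing
# when the package (or rpm itself) is absent. Never fails, so it is safe under set -e.
installed_version() {
    rpm -q "$1" >/dev/null 2>&1 || return 0
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$1"
}

# has_inspector_var FILE: succeed if a NUL-separated environment block
# (the format of /proc/PID/environ) contains WEBKIT_INSPECTOR_SERVER.
has_inspector_var() {
    tr '\0' '\n' 2>/dev/null < "$1" | grep -q '^WEBKIT_INSPECTOR_SERVER='
}

# inspector_pids: print the PID of every readable process whose environment
# sets WEBKIT_INSPECTOR_SERVER. Processes owned by other users are skipped
# silently unless this runs as root.
inspector_pids() {
    for env in /proc/[0-9]*/environ; do
        if has_inspector_var "$env"; then
            pid=${env#/proc/}
            printf '%s\n' "${pid%/environ}"
        fi
    done
    return 0
}

main() {
    inst=$(installed_version "$PKG")
    if [ -z "$inst" ]; then
        echo "$PKG is not installed here (or rpm is unavailable)"
    elif [ -z "$PATCHED_VERSION" ]; then
        echo "Installed: $PKG $inst (set PATCHED_VERSION from the RHSA to compare)"
    elif version_lt "$inst" "$PATCHED_VERSION"; then
        echo "VULNERABLE: $PKG $inst is older than patched $PATCHED_VERSION"
    else
        echo "OK: $PKG $inst is at or above $PATCHED_VERSION"
    fi

    pids=$(inspector_pids)
    if [ -n "$pids" ]; then
        echo "Remote inspector variable exported by PIDs:" $pids
    else
        echo "No readable process exports WEBKIT_INSPECTOR_SERVER"
    fi
}

main
```

Run it as root to see every process's environment; as an unprivileged user only your own processes are readable, so an empty inspector list is not proof the server is disabled system-wide. The comparison uses the RPM version-release string exactly as rpm reports it, so copy PATCHED_VERSION from the advisory in that same form.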
📡 Detection & Monitoring
Log Indicators:
- UIProcess crash logs in system logs (e.g., /var/log/messages)
- WebKit process termination with segmentation fault or similar errors.
Network Indicators:
- Unusual traffic to ports used by GLib remote inspector (default may vary).
SIEM Query:
Search for 'WebKit' or 'UIProcess crash' in application or system logs, combined with network alerts to inspector ports.
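One practical detail for the log indicators above: in WebKit's multi-process design the UIProcess is the embedding application itself (epiphany, cog, or your own GTK/WPE program), so a UIProcess crash is logged as a segfault of that application binary, and the WebKit connection is visible only in the faulting library named by the kernel. The script below is an added example, not part of this advisory or of the WebKit project; it keys on the library name rather than a process name, extracts the PID of each faulting process, and pairs it with the systemd-coredump record when one exists. The sample log lines are constructed for illustration and message formats vary by distribution.

```shell
#!/bin/sh
# Added example, not part of the advisory: pick WebKit crash indicators out of
# a syslog-style file. A UIProcess crash shows up as a segfault of the embedding
# application, so the match key is the faulting library named in the kernel
# line, not a "WebKit" process name. Sample lines are constructed.

# write_sample_log FILE: constructed kernel/systemd-coredump lines for testing.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 10:00:01 host kernel: epiphany[2231]: segfault at 0 ip 00007f3a1c2b4d10 sp 00007ffd2e0c1a40 error 4 in libwebkit2gtk-4.1.so.0.12.0[7f3a1b800000+2c00000]
Jan 10 10:00:02 host systemd-coredump[2240]: Process 2231 (epiphany) of user 1000 dumped core.
Jan 10 10:00:05 host sshd[100]: Accepted publickey for alice from 192.0.2.10 port 50122
Jan 10 10:01:00 host kernel: cog[3001]: segfault at 8 ip 00007f9c0a1e2f00 sp 00007ffc4b1d0c90 error 4 in libWPEWebKit-1.1.so.0.3.2[7f9c09c00000+2a00000]
Jan 10 10:01:03 host kernel: firefox[4100]: segfault at 0 ip 000055d1c0a2b100 sp 00007ffe1a2b3c40 error 6 in firefox[55d1c0800000+900000]
EOF
}

# webkit_segfault_lines FILE: kernel segfault lines whose faulting address lies
# in a WebKitGTK, WPE WebKit or JavaScriptCore library.
webkit_segfault_lines() {
    grep -Ei 'segfault at .* in lib(webkit2gtk|wpewebkit|javascriptcoregtk)' "$1"
}

# count_webkit_segfaults FILE: number of such lines (whitespace trimmed for portability).
count_webkit_segfaults() {
    webkit_segfault_lines "$1" | wc -l | tr -d ' '
}

# webkit_segfault_pids FILE: the PID from "name[PID]: segfault" on each match.
webkit_segfault_pids() {
    webkit_segfault_lines "$1" | sed -En 's/.*kernel: [^[]+\[([0-9]+)\]: segfault.*/\1/p'
}

# coredump_record FILE PID: the systemd-coredump line for that PID, if any.
coredump_record() {
    grep -E "systemd-coredump\[[0-9]+\]: Process $2 \(" "$1" || echo "(no coredump record)"
}

# With no argument, run against the constructed sample; otherwise against the given log.
LOG_FILE="${1:-}"
if [ -z "$LOG_FILE" ]; then
    LOG_FILE=$(mktemp)
    write_sample_log "$LOG_FILE"
fi
echo "WebKit library segfaults in $LOG_FILE: $(count_webkit_segfaults "$LOG_FILE")"
for pid in $(webkit_segfault_pids "$LOG_FILE"); do
    echo "pid $pid -> $(coredump_record "$LOG_FILE" "$pid")"
done
```

Point it at /var/log/messages or at a journalctl -k dump on a real host. The firefox line in the sample is there deliberately: a bare grep for "segfault" would count it, while the library-name filter does not, which keeps the alert tied to WebKit rather than to any crashing desktop application.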
🔗 References
- https://access.redhat.com/errata/RHSA-2025:22789
- https://access.redhat.com/errata/RHSA-2025:22790
- https://access.redhat.com/errata/RHSA-2025:23110
- https://access.redhat.com/errata/RHSA-2025:23433
- https://access.redhat.com/errata/RHSA-2025:23434
- https://access.redhat.com/errata/RHSA-2025:23451
- https://access.redhat.com/errata/RHSA-2025:23452
- https://access.redhat.com/errata/RHSA-2025:23583
- https://access.redhat.com/errata/RHSA-2025:23591
- https://access.redhat.com/errata/RHSA-2025:23742
- https://access.redhat.com/errata/RHSA-2025:23743
- https://access.redhat.com/security/cve/CVE-2025-13502
- https://bugzilla.redhat.com/show_bug.cgi?id=2416300