CVE-2025-13947
📋 TL;DR
This vulnerability in WebKitGTK allows attackers to trick users into dragging files from their local system into a malicious webpage, which can then read those files. This affects any system running vulnerable versions of WebKitGTK-based browsers like Epiphany or applications embedding WebKitGTK. Users must be tricked into performing a drag-and-drop action.
💻 Affected Systems
- WebKitGTK
- Epiphany browser
- Applications using WebKitGTK
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could exfiltrate sensitive files like SSH keys, configuration files, or documents from the user's system if the user drags them onto a malicious webpage.
Likely Case
Attackers could steal commonly accessed documents or files through social engineering campaigns tricking users into dragging files.
If Mitigated
With user awareness training and proper browser security settings, the risk is reduced as users would avoid dragging files onto untrusted sites.
🎯 Exploit Status
Exploitation requires social engineering to trick users into dragging files; no authentication needed but user interaction is mandatory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Red Hat advisories (e.g., RHSA-2025:22789) for specific patched versions
Vendor Advisory: https://access.redhat.com/errata/RHSA-2025:22789
Restart Required: Yes
Instructions:
1. Update WebKitGTK packages using your distribution's package manager.
2. For Red Hat systems: 'yum update webkitgtk'.
3. Restart affected browsers or applications.
🔧 Temporary Workarounds
Disable drag-and-drop in browser
Platform: Linux
Configure browser settings to disable or restrict drag-and-drop functionality, though this may break legitimate use cases.
Use alternative browser
Platform: All
Temporarily switch to a non-WebKitGTK-based browser until patches are applied.
🧯 If You Can't Patch
- Educate users to avoid dragging files from their system onto webpages, especially from untrusted sources.
- Implement application whitelisting to restrict execution of untrusted web applications.
🔍 How to Verify
Check if Vulnerable:
Check WebKitGTK version against patched versions in Red Hat advisories; e.g., 'rpm -q webkitgtk' on Red Hat systems.
Check Version:
rpm -q webkitgtk || apt list --installed | grep webkitgtk
Verify Fix Applied:
Verify the installed WebKitGTK version matches or exceeds the patched version listed in vendor advisories.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns from browser processes
- Failed attempts to read restricted files via browser
Network Indicators:
- Unexpected outbound connections from browser to external servers after file drag events
SIEM Query:
Search for browser process accessing sensitive file paths (e.g., /home/*/.ssh/*) followed by network connections.
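The correlation the SIEM query above describes, written out as an added Python example that is not part of the original advisory: it pairs a sensitive file read by a WebKitGTK browser process with an outbound connection from the same pid shortly afterwards. The process names, the sensitive path patterns, the 60-second window and the log lines are all assumptions constructed for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample audit-style events (not real logs): browser file opens and outbound connects.
SAMPLE_EVENTS = """\
2025-11-20T10:00:01 proc=epiphany pid=4211 event=file_open path=/home/alice/Documents/notes.txt
2025-11-20T10:00:05 proc=epiphany pid=4211 event=file_open path=/home/alice/.ssh/id_ed25519
2025-11-20T10:00:07 proc=epiphany pid=4211 event=net_connect dst=203.0.113.10:443
2025-11-20T10:05:00 proc=firefox pid=5100 event=file_open path=/home/alice/.ssh/id_ed25519
2025-11-20T10:30:00 proc=epiphany pid=4211 event=file_open path=/etc/ssh/ssh_config
2025-11-20T10:45:00 proc=epiphany pid=4211 event=net_connect dst=203.0.113.11:443
"""

# Assumed tuning values: WebKitGTK-based browser process names and paths worth alerting on.
BROWSER_PROCS = {"epiphany"}
SENSITIVE_PATHS = [re.compile(r"^/home/[^/]+/\.ssh/"), re.compile(r"^/etc/ssh/")]
WINDOW = timedelta(seconds=60)  # max gap between a sensitive read and the outbound connection

def parse_events(text):
    """Turn 'timestamp key=value ...' lines into dicts with a datetime under 'ts'."""
    events = []
    for line in text.splitlines():
        ts, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["ts"] = datetime.fromisoformat(ts)
        events.append(ev)
    return events

def correlate(events, window=WINDOW):
    """Return (pid, path, dst, gap_seconds) for every sensitive file read by a browser
    process that is followed within `window` by an outbound connection from the same pid."""
    alerts = []
    pending = {}  # pid -> sensitive reads (ts, path) not yet matched to a connection
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("proc") not in BROWSER_PROCS:
            continue  # non-WebKitGTK processes are out of scope for this rule
        pid = ev["pid"]
        if ev["event"] == "file_open" and any(p.search(ev["path"]) for p in SENSITIVE_PATHS):
            pending.setdefault(pid, []).append((ev["ts"], ev["path"]))
        elif ev["event"] == "net_connect":
            for read_ts, path in pending.pop(pid, []):  # reads older than the window are dropped
                gap = ev["ts"] - read_ts
                if gap <= window:
                    alerts.append((pid, path, ev["dst"], int(gap.total_seconds())))
    return alerts

if __name__ == "__main__":
    for a in correlate(parse_events(SAMPLE_EVENTS)):
        print("ALERT pid=%s read %s then connected to %s after %ds" % a)
```

Ordinary document reads (notes.txt) never match, and the /etc/ssh read is ignored because its connection comes 15 minutes later; widen the window only if your environment tolerates the extra noise.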
🔗 References
- https://access.redhat.com/errata/RHSA-2025:22789
- https://access.redhat.com/errata/RHSA-2025:22790
- https://access.redhat.com/errata/RHSA-2025:23110
- https://access.redhat.com/errata/RHSA-2025:23433
- https://access.redhat.com/errata/RHSA-2025:23434
- https://access.redhat.com/errata/RHSA-2025:23451
- https://access.redhat.com/errata/RHSA-2025:23452
- https://access.redhat.com/errata/RHSA-2025:23583
- https://access.redhat.com/errata/RHSA-2025:23591
- https://access.redhat.com/errata/RHSA-2025:23742
- https://access.redhat.com/errata/RHSA-2025:23743
- https://access.redhat.com/security/cve/CVE-2025-13947
- https://bugzilla.redhat.com/show_bug.cgi?id=2418576