A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
Loading...
Loading...
Score 8.8 from GitHub Security Advisory (severity: HIGH) published 2025-12-04. NVD baseline CVSS 8.8; sources differ by 0.0.
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
December 4, 2025
April 15, 2026
Affected: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Serv
https://access.redhat.com/errata/RHSA-2025:23742Affected: Red Hat Enterprise Linux 9.4 Extended Update Support.
https://access.redhat.com/errata/RHSA-2025:23591Affected: Red Hat Enterprise Linux 7 Extended Lifecycle Support.
https://access.redhat.com/errata/RHSA-2025:23583Affected: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
https://access.redhat.com/errata/RHSA-2025:23452Affected: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
https://access.redhat.com/errata/RHSA-2025:23451Affected: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support
https://access.redhat.com/errata/RHSA-2025:23434Affected: Red Hat Enterprise Linux 8.2 Advanced Update Support.
https://access.redhat.com/errata/RHSA-2025:23433Affected: Red Hat Enterprise Linux 9.6 Extended Update Support.
https://access.redhat.com/errata/RHSA-2025:23110Affected: Red Hat Enterprise Linux 9.
https://access.redhat.com/errata/RHSA-2025:22790Affected: Red Hat Enterprise Linux 8.
https://access.redhat.com/errata/RHSA-2025:22789| Vendor / Ecosystem | Fixed in / Patch | Released | Source |
|---|---|---|---|
| ubuntu | webkitgtk-webdriver (2.50.3-0ubuntu0.25.04.1) @ plucky | 2026-05-21 | ubuntu |
| redhat | webkit2gtk3-0:2.50.3-2.el8_6 | 2025-12-22 | redhat |
| redhat | webkit2gtk3-0:2.50.3-2.el8_8 | 2025-12-22 | redhat |
| redhat | webkit2gtk3-0:2.50.3-1.el9_4 | 2025-12-18 | redhat |
| redhat | webkitgtk4-0:2.50.3-2.el7_9 | 2025-12-18 | redhat |
| redhat | webkit2gtk3-0:2.50.3-1.el9_0 | 2025-12-17 | redhat |
| redhat | webkit2gtk3-0:2.50.3-1.el9_2 | 2025-12-17 | redhat |
| redhat | webkit2gtk3-0:2.50.3-2.el8_2 | 2025-12-17 | redhat |
| redhat | webkit2gtk3-0:2.50.3-2.el8_4 | 2025-12-17 | redhat |
| redhat | webkit2gtk3-0:2.50.3-1.el9_6 | 2025-12-11 | redhat |
| redhat | webkit2gtk3-0:2.50.3-1.el9_7 | 2025-12-08 | redhat |
| redhat | webkit2gtk3-0:2.50.3-1.el8_10 | 2025-12-08 | redhat |
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
RHSA-2025:22789 — Important
RHSA-2025:22790 — Important
RHSA-2025:23110 — Important
RHSA-2025:23433 — Important
RHSA-2025:23434 — Important
RHSA-2025:23451 — Important
RHSA-2025:23452 — Important
RHSA-2025:23583 — Important
RHSA-2025:23591 — Important
RHSA-2025:23742 — Important
RHSA-2025:23743 — Important
WebKitGTK vulnerabilities
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Explore the affected products and dependency analysis for CVE-2025-66287
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.
redhat
CWE-120