
exploitDog


CVE-2025-24150

Published: 27 Jan 2025
Source: redhat
CVSS3: 8.8

Description

A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection.

A flaw was found in WebKitGTK. Copying a URL from Web Inspector may lead to command injection due to improper file handling.

Statement

To exploit this flaw, an attacker needs to trick a user into performing unlikely actions, such as enabling and opening the web inspector in an application and loading malicious web content into it. For this reason, this flaw has been rated with a Moderate severity.

Mitigation

Do not process or load untrusted web content with WebKitGTK.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | webkitgtk | Out of support scope | | |
| Red Hat Enterprise Linux 7 | webkitgtk3 | Out of support scope | | |
| Red Hat Enterprise Linux 9 | webkit2gtk3 | Affected | | |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | webkitgtk4 | Fixed | RHSA-2025:10364 | 07.07.2025 |
| Red Hat Enterprise Linux 8 | webkit2gtk3 | Fixed | RHSA-2025:2034 | 03.03.2025 |


Additional information

Status: Moderate
Defect: CWE-77
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2344622 (webkitgtk: Copying a URL from Web Inspector may lead to command injection)

8.8 High

CVSS3

Related vulnerabilities

CVSS3: 8.8
ubuntu
6 months ago

A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection.

CVSS3: 8.8
nvd
6 months ago

A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection.

CVSS3: 8.8
debian
6 months ago

A privacy issue was addressed with improved handling of files. This is ...

CVSS3: 8.8
github
6 months ago

A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection.

CVSS3: 8.8
fstec
6 months ago

Vulnerability in the Web Inspector web page inspection tool of the iOS, iPadOS and macOS operating systems and the Safari browser that allows an attacker to execute arbitrary commands
