Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-43240

Опубликовано: 29 июл. 2025
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. A download's origin may be incorrectly associated.

A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file.

Отчет

To exploit this flaw, an attacker needs to trick a user into visiting a malicious website.

Меры по смягчению последствий

Do not visit untrusted websites. Also, do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp. This vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction. To mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface. Additionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6webkitgtkOut of support scope
Red Hat Enterprise Linux 7webkitgtk3Affected
Red Hat Enterprise Linux 7webkitgtk4Affected
Red Hat Enterprise Linux 8webkit2gtk3Affected
Red Hat Enterprise Linux 9webkit2gtk3Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-703
https://bugzilla.redhat.com/show_bug.cgi?id=2384385webkitgtk: A download’s origin may be incorrectly associated

EPSS

Процентиль: 1%
0.00013
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-43240

CVSS3: 6.2
ubuntu
20 дней назад

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. A download's origin may be incorrectly associated.

nvd логотип

CVE-2025-43240

CVSS3: 6.2
nvd
20 дней назад

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. A download's origin may be incorrectly associated.

debian логотип

CVE-2025-43240

CVSS3: 6.2
debian
20 дней назад

A logic issue was addressed with improved checks. This issue is fixed ...

github логотип

GHSA-2c58-jp5q-q38f

CVSS3: 6.2
github
20 дней назад

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6. A download's origin may be incorrectly associated.

EPSS

Процентиль: 1%
0.00013
Низкий

6.5 Medium

CVSS3