{
  "threat_severity" : "Moderate",
  "public_date" : "2025-01-27T21:46:32Z",
  "bugzilla" : {
    "description" : "webkitgtk: Copying a URL from Web Inspector may lead to command injection",
    "id" : "2344622",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2344622"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-77",
  "details" : [ "A privacy issue was addressed with improved handling of files. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Copying a URL from Web Inspector may lead to command injection.", "A flaw was found in WebKitGTK. Copying a URL from Web Inspector may lead to command injection due to improper file handling." ],
  "statement" : "To exploit this flaw, an attacker needs to trick a user into performing unlikely actions, such as enabling and opening the Web Inspector in an application and then loading malicious web content into it. For this reason, this flaw has been rated with a Moderate severity.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-07-07T00:00:00Z",
    "advisory" : "RHSA-2025:10364",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "webkitgtk4-0:2.48.3-2.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-03-03T00:00:00Z",
    "advisory" : "RHSA-2025:2034",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "webkit2gtk3-0:2.46.6-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-03-03T00:00:00Z",
    "advisory" : "RHSA-2025:2125",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "webkit2gtk3-0:2.46.6-1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "webkit2gtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-24150\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-24150\nhttps://support.apple.com/en-us/122066\nhttps://support.apple.com/en-us/122068\nhttps://support.apple.com/en-us/122074\nhttps://webkitgtk.org/security/WSA-2025-0001.html" ],
  "name" : "CVE-2025-24150",
  "mitigation" : {
    "value" : "Do not process or load untrusted web content with WebKitGTK.",
    "lang" : "en:us"
  },
  "csaw" : false
}