{
  "threat_severity" : "Moderate",
  "public_date" : "2025-01-27T21:45:49Z",
  "bugzilla" : {
    "description" : "webkitgtk: Processing web content may lead to a denial-of-service",
    "id" : "2344623",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2344623"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-770",
  "details" : [ "The issue was addressed with improved memory handling. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Processing web content may lead to a denial-of-service.", "A flaw was found in WebKitGTK. Processing malicious web content can cause a denial of service due to improper memory handling." ],
  "statement" : "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-07-07T00:00:00Z",
    "advisory" : "RHSA-2025:10364",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "webkitgtk4-0:2.48.3-2.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-03-03T00:00:00Z",
    "advisory" : "RHSA-2025:2034",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "webkit2gtk3-0:2.46.6-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-07-18T00:00:00Z",
    "advisory" : "RHSA-2023:4201",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "webkit2gtk3-0:2.38.5-1.el9_2.3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-24158\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-24158\nhttps://support.apple.com/en-us/122066\nhttps://support.apple.com/en-us/122068\nhttps://support.apple.com/en-us/122071\nhttps://support.apple.com/en-us/122072\nhttps://support.apple.com/en-us/122073\nhttps://support.apple.com/en-us/122074\nhttps://webkitgtk.org/security/WSA-2025-0001.html" ],
  "name" : "CVE-2025-24158",
  "mitigation" : {
    "value" : "Do not process or load untrusted web content with WebKitGTK.",
    "lang" : "en:us"
  },
  "csaw" : false
}