CVE-2025-66287 HIGH

CVE-2025-66287: Webkitgtk: processing maliciously crafted web content may lead to an unexpected process crash

Vendor The Webkitgtk Team
Product WebKitGTK
Weakness CWE-120
Published December 4, 2025
Last update December 22, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

Key dates

02Disclosure timeline

December 4, 2025 CVE published
December 22, 2025 Record updated