
Debian 11: Important Crash Advisory for WebKitGTK DLA-4375-1 CVE-2025-43272

debian lts
November 20, 2025
Debian LTS DLA-4375-1 addresses multiple significant vulnerabilities in WebKitGTK that may cause unexpected crashes or sensor access.
The following vulnerabilities have been discovered in the WebKitGTK web engine:

Summary

CVE-2025-43272

Big Bear discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2025-43342

An anonymous researcher discovered that processing maliciously
crafted web content may lead to an unexpected process crash.

CVE-2025-43343

An anonymous researcher discovered that processing maliciously
crafted web content may lead to an unexpected process crash.

CVE-2025-43356

Jaydev Ahire discovered that a website may be able to access
sensor information without user consent.

CVE-2025-43368

Pawel Wylecial discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

This WebKitGTK update causes a compatibility problem with older
versions of Evolution when handling e-mail attachments. For this
reason, fixed versions of Evolution have also been released along with
this WebKitGTK update.

For Debian 11 bullseye, these problems have been fixed in version
2.50.1-1~deb11u1.
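
One way to check a package inventory against the fixed version above, as an added example that is not part of the advisory: it implements Debian version ordering (where `~` sorts before everything, including the end of the string) and flags rows built from source package webkit2gtk that are older than 2.50.1-1~deb11u1. The host names, inventory rows and function names are constructed for illustration.

```python
import re
from itertools import zip_longest

FIXED, SOURCE = "2.50.1-1~deb11u1", "webkit2gtk"  # both taken from the advisory

# Constructed sample inventory, one "host source binary version" row per line, e.g.
# built from: dpkg-query -W -f='${source:Package} ${Package} ${Version}\n'
SAMPLE = """\
desk01 webkit2gtk libwebkit2gtk-4.0-37 2.48.3-1~deb11u1
desk02 webkit2gtk libwebkit2gtk-4.0-37 2.50.1-1~deb11u1
desk03 webkit2gtk libwebkit2gtk-4.0-37 2.50.1-1
desk03 openssl openssl 1.1.1w-0+deb11u1
"""

def _sign(x, y):
    return (x > y) - (x < y)

def _order(c):
    # '~' sorts before end of string (0); letters sort before other symbols
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating (non-digit, digit) runs from left to right
    split = re.compile(r"(\D*)(\d*)").findall
    for (na, da), (nb, db) in zip_longest(split(a), split(b), fillvalue=("", "")):
        for x, y in zip_longest(map(_order, na), map(_order, nb), fillvalue=0):
            if x != y:
                return _sign(x, y)
        if int(da or 0) != int(db or 0):
            return _sign(int(da or 0), int(db or 0))
    return 0

def _split(v):
    # "[epoch:]upstream[-revision]"; the revision follows the last hyphen
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def deb_cmp(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return _sign(ea, eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return [(h, b, v) for h, s, b, v in rows if s == SOURCE and deb_cmp(v, FIXED) < 0]

if __name__ == "__main__":
    for host, binary, version in unpatched(SAMPLE):
        print(f"{host}: {binary} {version} predates {FIXED}")
```

On a live host, `dpkg --compare-versions` remains the authoritative comparison; the pure-Python ordering here is for auditing exported inventories where dpkg is not available.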

Severity: important

Package: webkit2gtk
Version: 2.50.1-1~deb11u1
CVE ID: CVE-2025-43272 CVE-2025-43342 CVE-2025-43343 CVE-2025-43356
