Skip to main content
Skip table of contents

ISN 2025-32: Webkit Vulnerabilities

First published 12 August 2025

CVSS:3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Multiple security vulnerabilities have been found in Webkit, a web browser engine used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

Webkit contains three vulnerabilities that may lead to memory corruption when processing maliciously crafted web content (CVE-2025-24189, CVE-2025-31273, CVE-2025-31278, all high). CVE-2025-43227, rated high, may disclose sensitive user information. Finally, malicious web content can lead to an application crash (CVE-2025-6558, high).

Google is aware that an exploit for CVE-2025-6558 exists in the wild.

Update Instructions

  • OS 12: Update to IGEL OS 12 Base system app version 12.8.1 when available from the IGEL App Portal.

  • OS 11: Update to IGEL OS version 11.11.100 when available.

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.