First published 21 February 2025
CVSS 3.1: 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A security vulnerability has been found in the WebkitGTK library used in IGEL OS to render web content and UI elements. This affects the following product versions:
-
IGEL OS 12
-
IGEL OS 11
Details
It has been discovered that maliciously crafted web content can crash WebkitGTK processes. This is tracked as CVE-2025-24162 and rated as critical. In addition, processing a file may lead to unexpected app termination or arbitrary code execution (CVE-2024-27856, high), and processing malicious web content can lead to memory corruption (CVE-2024-54543, high). Besides that, a privacy issue allowed remote attackers to fingerprint the user (CVE-2025-24150, high).
Update Instructions
-
OS 12: Update to the IGEL OS base system 12.6.0 PR2 patch release when available.
-
OS 11: Update to IGEL OS 11.10.250 when available.
References
-
WSA-2025-0001: https://webkitgtk.org/security/WSA-2025-0001.html
-
CVE-2025-24162 at NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24162