ISN 2025-06: Critical WebKit Vulnerability
First published 21 February 2025
CVSS 3.1: 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A security vulnerability has been found in the WebKitGTK library, which IGEL OS uses to render web content and UI elements. The following product versions are affected:
IGEL OS 12
IGEL OS 11
Details
Maliciously crafted web content can crash WebKitGTK processes. This issue is tracked as CVE-2025-24162 and rated critical. In addition, processing a file may lead to unexpected app termination or arbitrary code execution (CVE-2024-27856, high), and processing malicious web content can lead to memory corruption (CVE-2024-54543, high). Finally, a privacy issue allowed remote attackers to fingerprint the user (CVE-2025-24150, high).
Update Instructions
OS 12: Update to the IGEL OS base system 12.6.0 PR2 patch release when available.
OS 11: Update to IGEL OS 11.10.250 when available.
References
WSA-2025-0001: https://webkitgtk.org/security/WSA-2025-0001.html
CVE-2025-24162 at NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24162