CVE-2025-43342

NameCVE-2025-43342
DescriptionA correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
webkit2gtk (PTS)bullseye2.44.2-1~deb11u1vulnerable
bullseye (security)2.48.5-1~deb11u1vulnerable
bookworm, bookworm (security)2.48.5-1~deb12u1vulnerable
trixie (security), trixie2.48.5-1~deb13u1vulnerable
forky2.48.6-1vulnerable
sid2.50.0-1fixed
wpewebkit (PTS)bullseye (security), bullseye2.38.6-1~deb11u1vulnerable
bookworm2.38.6-1vulnerable
trixie2.48.3-1vulnerable
forky2.48.6-2vulnerable
sid2.50.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
webkit2gtksource(unstable)2.50.0-1
wpewebkitsourcebullseye(unfixed)end-of-life
wpewebkitsource(unstable)2.50.0-1

Notes

[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
[bullseye] - wpewebkit <end-of-life> (see #1035997)
https://webkitgtk.org/security/WSA-2025-0006.html
Search for package or bug name: Reporting problems