Critical Vulnerabilities in webkit2gtk3 Affecting openSUSE and SUSE Systems

Severity: High (Score: 72.8)

Sources: Linuxsecurity

Summary

A significant update for webkit2gtk3 has been released to address multiple vulnerabilities, including CVE-2023-43010, CVE-2025-31223, CVE-2025-31277, CVE-2025-43213, CVE-2025-43214, CVE-2025-43433, CVE-2025-43438, and CVE-2025-43441. These vulnerabilities can lead to memory corruption and unexpected crashes when processing maliciously crafted web content. The update is crucial for users of openSUSE Leap 15.4 and SUSE Linux Enterprise systems. The vulnerabilities were disclosed between 2023 and 2025, with some being actively exploited, particularly CVE-2025-31277, which was added to the CISA KEV list on March 20, 2026. The patch is available through standard SUSE installation methods. Users are urged to apply the update promptly to mitigate potential risks. The overall impact is significant, affecting a wide range of systems reliant on webkit2gtk3.

Key Points:

  • Multiple critical vulnerabilities in webkit2gtk3 require immediate patching.
  • CVE-2025-31277 is actively exploited, increasing urgency for updates.
  • Affected systems include openSUSE Leap 15.4 and various SUSE Linux Enterprise versions.

Key Entities

  • Denial of Service (attack_type)
  • CVE-2023-42843 (cve)
  • CVE-2023-43010 (cve)
  • CVE-2024-54658 (cve)
  • CVE-2025-13502 (cve)
  • CVE-2025-31223 (cve)
  • openSUSE (company)
  • SUSE (company)
  • openSUSE Leap 15.4 (platform)
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (platform)
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (platform)
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (platform)
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (platform)