TencentOS Server 3: webkit2gtk3 (TSSA-2025:1000)

🗓️ 14 Jan 2026 00:00:00Reported by TenableType

TencentOS Server 3 webkit2gtk3 outdated; updates fix multiple WebKitGTK/WPE vulnerabilities.

Reporter	Title	Published	Views	Family All 556
Tenable Nessus	Amazon Linux 2 : webkitgtk4, --advisory ALAS2-2025-3114 (ALAS-2025-3114)	5 Jan 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : webkit2gtk3 (ALSA-2025:22789)	9 Dec 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : webkit2gtk3 (ALSA-2025:22790)	9 Dec 202500:00	–	nessus
Tenable Nessus	Apple TV < 26.1 Multiple Vulnerabilities (125637)	12 Nov 202500:00	–	nessus
Tenable Nessus	Apple iOS < 18.7.2 Multiple Vulnerabilities (125633)	5 Nov 202500:00	–	nessus
Tenable Nessus	Apple iOS < 26.1 Multiple Vulnerabilities (125632)	3 Nov 202500:00	–	nessus
Tenable Nessus	Debian dla-4394 : gir1.2-javascriptcoregtk-4.0 - security update	4 Dec 202500:00	–	nessus
Tenable Nessus	Debian dla-4399 : gir1.2-javascriptcoregtk-4.0 - security update	10 Dec 202500:00	–	nessus
Tenable Nessus	Debian dsa-6070 : gir1.2-javascriptcoregtk-4.0 - security update	4 Dec 202500:00	–	nessus
Tenable Nessus	Debian dsa-6074 : gir1.2-javascriptcoregtk-4.0 - security update	9 Dec 202500:00	–	nessus

Source	Link
mirrors	www.mirrors.tencent.com/tlinux/errata/tssa-20251000.xml
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2025:1000.
##

include('compat.inc');

if (description)
{
  script_id(284634);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");

  script_cve_id(
    "CVE-2025-13502",
    "CVE-2025-13947",
    "CVE-2025-43392",
    "CVE-2025-43421",
    "CVE-2025-43425",
    "CVE-2025-43427",
    "CVE-2025-43429",
    "CVE-2025-43430",
    "CVE-2025-43431",
    "CVE-2025-43432",
    "CVE-2025-43434",
    "CVE-2025-43440",
    "CVE-2025-43443",
    "CVE-2025-43458",
    "CVE-2025-66287"
  );
  script_xref(name:"IAVA", value:"2025-A-0901");

  script_name(english:"TencentOS Server 3: webkit2gtk3 (TSSA-2025:1000)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:1000 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

    CVE-2025-13502:
    A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer
    underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.

    CVE-2025-13947:
    A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that
    can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where
    WebKitGTK does not verify that drag operations originate from outside the browser.

    CVE-2025-43392:
    The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7.2 and iPadOS
    18.7.2. A website may exfiltrate image data cross-origin.

    CVE-2025-43421:
    Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in iOS 26.1 and
    iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an
    unexpected process crash.

    CVE-2025-43425:
    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, visionOS 26.1,
    watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to
    an unexpected process crash.

    CVE-2025-43427:
    This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and iPadOS
    26.1, tvOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an
    unexpected process crash.

    CVE-2025-43429:
    A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and
    iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.

    CVE-2025-43430:
    This issue was addressed through improved state management. This issue is fixed in Safari 26.1, visionOS
    26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may
    lead to an unexpected process crash.

    CVE-2025-43431:
    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS
    18.7.2. Processing maliciously crafted web content may lead to memory corruption.

    CVE-2025-43432:
    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1,
    visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web
    content may lead to an unexpected process crash.

    CVE-2025-43434:
    A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.2
    and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

    CVE-2025-43440:
    This issue was addressed with improved checks This issue is fixed in Safari 26.1, visionOS 26.1, watchOS
    26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an
    unexpected process crash.

    CVE-2025-43443:
    This issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2.
    Processing maliciously crafted web content may lead to an unexpected process crash.

    CVE-2025-43458:
    This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS
    18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.

    CVE-2025-66287:
    A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due
    to improper memory handling.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20251000.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-66287");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/11/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/12/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:webkit2gtk3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'webkit2gtk3-2.50.3-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-2.50.3-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-debuginfo-2.50.3-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-debuginfo-2.50.3-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-debugsource-2.50.3-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-debugsource-2.50.3-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-devel-2.50.3-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-devel-2.50.3-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-devel-debuginfo-2.50.3-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-devel-debuginfo-2.50.3-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-jsc-2.50.3-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-jsc-2.50.3-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-jsc-debuginfo-2.50.3-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-jsc-debuginfo-2.50.3-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-jsc-devel-2.50.3-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-jsc-devel-2.50.3-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.50.3-1.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.50.3-1.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3 / webkit2gtk3-debuginfo / webkit2gtk3-debugsource / etc');
}

14 Jan 2026 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 3.18.8

EPSS0.00115

SSVC