Key vulnerability information

Bug ID: 2418576 (CVE-2025-13947)
Summary: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop
Product: Security Response
Component: vulnerability
Status: NEW
Priority: high
Severity: high
OS: Linux
Keywords: Security

Description

This vulnerability allows a malicious website to read arbitrary local files by abusing the file drag-and-drop mechanism in WebKitGTK. The flaw exists because WebKitGTK does not verify that a drag operation originated outside the browser before granting the page access to the file path the drag references. A crafted webpage can prompt the user to perform an innocent-looking drag action that unintentionally exposes the content of files readable by the user account. The result is a remote, user-assisted information disclosure vulnerability that can reveal any file the user is permitted to read.