CVE ID: CVE-2025-13502
Component: WebKitGTK / WPE WebKit
Vulnerability Type: Out-of-bounds read and integer underflow
Impact: Denial of Service (DoS)
Severity: High
Priority: High
OS: Linux
Status: New

Description: Vulnerability in the GLib remote inspector server of WebKitGTK and WPE WebKit. function uses over framed, peer-controlled data without constraining the scan to the declared . A crafted payload with a NUL terminator within the causes the function to read beyond the frame boundary, leading to an out-of-bounds read and UIProcess crash (DoS). Computed is not validated, risking integer underflow. A remote, unauthenticated client can trigger this condition when the remote inspector server is enabled and reachable. The feature is primarily for debugging and is disabled by default, limiting practical exposure.
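
The class of fix the description points to, as an added example that is not WebKit's code: a frame parser that bounds the terminator scan to the declared size and makes the length subtraction safe. The frame layout, type names, function name and sample frames are assumptions made for illustration; the record above does not give them.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout (hypothetical, for illustration only):
 * [4-byte big-endian payload size][name][NUL][body] */
#define HEADER_SIZE 4u
enum frame_status { FRAME_OK, FRAME_INCOMPLETE, FRAME_MALFORMED };

struct parsed_frame {
    const uint8_t *name;  /* NUL-terminated, inside the payload */
    size_t name_len;
    const uint8_t *body;  /* body_len bytes, inside the payload */
    size_t body_len;
};

enum frame_status parse_frame(const uint8_t *buf, size_t buf_len,
                              struct parsed_frame *out)
{
    if (buf_len < HEADER_SIZE)
        return FRAME_INCOMPLETE;
    uint32_t declared = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                        ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    /* The whole declared payload must already be in the buffer. */
    if (declared > buf_len - HEADER_SIZE)
        return FRAME_INCOMPLETE;
    const uint8_t *payload = buf + HEADER_SIZE;
    /* Bounded scan: unlike strlen(), memchr() stops at the declared size. */
    const uint8_t *nul = memchr(payload, 0, declared);
    if (nul == NULL)
        return FRAME_MALFORMED;  /* no terminator inside this frame */
    size_t name_len = (size_t)(nul - payload);
    /* name_len < declared holds here, so the subtraction cannot wrap. */
    out->name = payload;
    out->name_len = name_len;
    out->body = nul + 1;
    out->body_len = (size_t)declared - name_len - 1;
    return FRAME_OK;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t sample_good[] = {0, 0, 0, 6, 'a', 'b', 0, 'x', 'y', 'z'};
/* Declares 3 bytes with no NUL; the next NUL lies outside the frame. */
static const uint8_t sample_no_nul[] = {0, 0, 0, 3, 'a', 'b', 'c', 'd', 0};
/* Declares 9 payload bytes but only 2 have arrived. */
static const uint8_t sample_short[] = {0, 0, 0, 9, 'a', 0};
```

With an unbounded `strlen()` on `sample_no_nul`, the scan would run past the 3-byte frame and the computed body length (3 - 4 - 1) would wrap around as an unsigned value; the bounded version rejects the frame instead.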