CVE-2025-45663: 
Linux Debian Análise e mitigação de vulnerabilidades

A vulnerability in NetSurf v3.11 was identified and assigned CVE-2025-45663, involving the disclosure of uninitialized memory in the domevent_initialise function. The vulnerability was published on November 3, 2025, and affects various versions of the NetSurf browser (Ubuntu Security, Debian Tracker).

The vulnerability has been assigned a CVSS 3.1 base score of 6.5 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L. The issue specifically involves the application reading uninitialized heap memory during the creation of a dom_event structure (Ubuntu Security).

The vulnerability leads to potential disclosure of uninitialized memory contents, which could result in information leakage. The CVSS scoring indicates low impacts on both confidentiality and availability, with no impact on integrity (Ubuntu Security).

The vulnerability affects multiple versions of NetSurf, including version 3.10-1 in Debian bookworm and bullseye, as well as version 3.11-2 in forky, sid, and trixie distributions. As of the latest reports, the issue remains unfixed (Debian Tracker).