Vulnerability DatabaseCVE-2025-13639

CVE-2025-13639:
vulnerability analysis and mitigation

Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

8.1

Score

Published December 2, 2025

Severity HIGH

CNA Score 8.1

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 9.8

Exploitation Probability (EPSS) N/A

Affected packages and libraries

cef-debuginfo
chromium-headless-debuginfo

Sources

Chainguard
- Chainguard Has FixAdded at: Dec 12, 2025
Debian Security Tracker
- Debian 11 Severity HIGHNo FixAdded at: Dec 03, 2025
- Debian 12, 13, 14 Severity HIGHHas FixAdded at: Dec 03, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Dec 03, 2025
Nix
- Nix Severity HIGHHas FixAdded at: Dec 07, 2025
VulnCheck NVD++
- Linux Has FixAdded at: Dec 04, 2025
- Windows Has FixAdded at: Dec 04, 2025
Wolfi
- Wolfi Has FixAdded at: Dec 12, 2025
NVD
- Linux Severity HIGHHas FixAdded at: Dec 07, 2025
- Windows Severity HIGHHas FixAdded at: Dec 07, 2025