๐Ÿ” CVE Alert

CVE-2025-49175

MEDIUM 6.1

Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in X Rendering extension animated cursors

CVSS Score: 6.1
EPSS Score: 0.0%
EPSS Percentile: 0th

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

CWE: CWE-125
Vendor: x.org
Product: xwayland
Published: Jun 17, 2025
Last Updated: Dec 11, 2025

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: High

Affected Versions

X.Org / xwayland: 0 < 24.1.8
Red Hat / Red Hat Enterprise Linux 10: All versions affected
Red Hat / Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION: All versions affected
Red Hat / Red Hat Enterprise Linux 7.7 Advanced Update Support: All versions affected
Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support: All versions affected
Red Hat / Red Hat Enterprise Linux 8: All versions affected
Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support: All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support: All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On: All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support: All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On: All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service: All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions: All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On: All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service: All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions: All versions affected
Red Hat / Red Hat Enterprise Linux 9: All versions affected
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions: All versions affected
Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions: All versions affected
Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support: All versions affected
Red Hat / Red Hat Enterprise Linux 6: All versions affected

References

access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10258
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10342
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10343
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10344
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10346
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10347
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10348
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10349
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10350
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10351
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10352
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10355
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10356
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10360
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10370
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10374
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10375
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10376
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10377
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10378
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10381
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10410
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9303
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9304
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9305
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9306
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9392
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9964
access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-49175
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2369947
gitlab.freedesktop.org: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0885e0b26225c90534642fe911632ec0779eebee
gitlab.freedesktop.org: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024
x.org: https://www.x.org/wiki/Development/Security/
lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html

Credits

Red Hat would like to thank Julian Suleder and Nils Emmerich for reporting this issue.