๐Ÿ” CVE Alert

CVE-2025-49176

HIGH 7.3

Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension

CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

CWE CWE-190
Vendor x.org
Product xwayland
Published Jun 17, 2025
Last Updated Dec 11, 2025
Stay Ahead of the Next One

Get instant alerts for x.org xwayland

Be the first to know when new high vulnerabilities affecting x.org xwayland are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High

Affected Versions

X.Org / xwayland
0 < 24.1.7
Red Hat / Red Hat Enterprise Linux 10
All versions affected
Red Hat / Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
All versions affected
Red Hat / Red Hat Enterprise Linux 7.7 Advanced Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
All versions affected
Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 6
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10258 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10342 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10343 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10344 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10346 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10347 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10348 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10349 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10350 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10351 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10352 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10355 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10356 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10360 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10370 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10374 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10375 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10376 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10377 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10378 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10381 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10410 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9303 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9304 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9305 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9306 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9392 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9964 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-49176 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2369954 gitlab.freedesktop.org: https://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b326a80b582e48d939fe62cb1e2b10400d9 gitlab.freedesktop.org: https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1 x.org: https://www.x.org/wiki/Development/Security/ openwall.com: http://www.openwall.com/lists/oss-security/2025/06/18/2 lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html

Credits

Red Hat would like to thank Julian Suleder and Nils Emmerich for reporting this issue.