Out-of-Bounds Read Vulnerability in X Rendering Extension of Red Hat Products
CVE-2025-49175

6.1MEDIUM

Key Information:

Vendor

X.org

Status
Xwayland
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6 Extended Lifecycle Support - Extension
Red Hat Enterprise Linux 7.7 Advanced Update Support
Vendor
CVE Published:
17 June 2025

What is CVE-2025-49175?

An identified flaw within the X Rendering extension compromises the handling of animated cursors. If a client omits cursor data, the server mistakenly assumes that at least one cursor is present, resulting in an out-of-bounds read. This condition may lead to unexpected behaviors, including possible server crashes, thereby impacting the stability and security of systems leveraging the affected extension.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Red Hat Enterprise Linux 10 0:24.1.5-4.el10_0

Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION 0:1.1.0-25.el6_10.1

Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:1.20.4-32.el7_9

References

https://access.redhat.com/errata/RHSA-2025:10258
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10342
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10343
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Julian Suleder and Nils Emmerich for reporting this issue.
JSON
.