Denial of Service Vulnerability in X Server by Red Hat
CVE-2025-49178

5.5MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6 Extended Lifecycle Support - Extension
Red Hat Enterprise Linux 7.7 Advanced Update Support
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Vendor
CVE Published:
17 June 2025

What is CVE-2025-49178?

A vulnerability in the X server's request handling mechanism has been identified, which allows the potential for a denial of service. The flaw occurs when a client's request contains a non-zero 'bytes to ignore' value, resulting in the server erroneously bypassing the processing of requests from other clients. This can lead to impaired functionality and accessibility of services that rely on the X server for graphical interface operations.

Affected Version(s)

Red Hat Enterprise Linux 10 0:24.1.5-4.el10_0

Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION 0:1.1.0-25.el6_10.1

Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:1.20.4-32.el7_9

References

https://access.redhat.com/errata/RHSA-2025:10258
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10342
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10343
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.