Use-After-Free Flaw in X.Org X Server's X Keyboard Extension Impacting Red Hat
CVE-2025-62230

7.3HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-62230?

A flaw exists in the X.Org X server’s X Keyboard (Xkb) extension that occurs during the cleanup of client resources. Specifically, the software improperly frees certain data structures without detaching the associated resources, which can result in a use-after-free condition. This vulnerability may lead to memory corruption or application crashes when affected clients disconnect, creating potential instability and security issues within the system.

References

https://access.redhat.com/security/cve/CVE-2025-62230

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2402653

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Oct 9, 2025

Credit

Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.

JSON