Use-After-Free Flaw in X.Org X Server's X Keyboard Extension Impacting Red Hat
CVE-2025-62230

7.3 HIGH

What is CVE-2025-62230?

A flaw exists in the X.Org X server's X Keyboard (Xkb) extension in the code that cleans up a client's resources. When an affected client disconnects, the server frees certain Xkb data structures without first detaching the resources that still reference them, so those resources are left holding dangling pointers. Any later access through one of those pointers is a use-after-free, which can crash the X server or corrupt its memory. Because any process able to connect to the display can exercise the Xkb extension, the trigger is a local, authenticated X client, which matches the CVSS metrics below (Local attack vector, low privileges, no user interaction).
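The following is an added illustration of the bug class the advisory describes, written for this page; it is not code from the X.Org server and does not reproduce the real Xkb data structures. It models a per-client keyboard state object that is referenced from a server-wide resource table (the names ClientKbdState, Resource, add_resource and detach_resources are hypothetical). The vulnerable cleanup path frees the object without detaching the resources that point at it; the fixed path unlinks every reference first. A bookkeeping allocator records freed addresses so that the dangling-reference check compares addresses only and never dereferences freed memory.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not xserver code: per-client Xkb state referenced
 * from a server-wide resource table. */
#define MAX_RESOURCES 16
#define MAX_FREED 16

typedef struct ClientKbdState {
    int client_id;
    unsigned int flags;      /* hypothetical per-client keyboard settings */
} ClientKbdState;

typedef struct Resource {
    unsigned int id;         /* hypothetical resource ID */
    ClientKbdState *state;   /* NULL means the slot is unused */
} Resource;

static Resource resources[MAX_RESOURCES];
static unsigned int next_id = 1;

/* Record the address of every freed block so the check below can detect
 * stale references by address comparison alone (no use of freed memory). */
static uintptr_t freed_addrs[MAX_FREED];
static int n_freed;

static void tracked_free(void *p)
{
    if (n_freed < MAX_FREED)
        freed_addrs[n_freed++] = (uintptr_t)p;
    free(p);
}

static bool was_freed(uintptr_t addr)
{
    for (int i = 0; i < n_freed; i++)
        if (freed_addrs[i] == addr)
            return true;
    return false;
}

/* Register a resource that refers to a client's state; returns its ID, 0 if full. */
unsigned int add_resource(ClientKbdState *s)
{
    for (int i = 0; i < MAX_RESOURCES; i++) {
        if (resources[i].state == NULL) {
            resources[i].id = next_id++;
            resources[i].state = s;
            return resources[i].id;
        }
    }
    return 0;
}

/* The step the vulnerable path omits: drop every table reference to s. */
void detach_resources(ClientKbdState *s)
{
    for (int i = 0; i < MAX_RESOURCES; i++)
        if (resources[i].state == s)
            resources[i].state = NULL;
}

/* Vulnerable cleanup: frees the state while resources still point at it. */
void client_cleanup_vulnerable(ClientKbdState *s)
{
    tracked_free(s);
}

/* Fixed cleanup: detach first, then free. */
void client_cleanup_fixed(ClientKbdState *s)
{
    detach_resources(s);
    tracked_free(s);
}

/* Count resource entries that still point at freed memory. Any non-zero
 * result means the next walk of the table (another client's disconnect,
 * a lookup by resource ID) would dereference a stale pointer: the
 * use-after-free this advisory describes. */
int dangling_count(void)
{
    int n = 0;
    for (int i = 0; i < MAX_RESOURCES; i++)
        if (resources[i].state != NULL && was_freed((uintptr_t)resources[i].state))
            n++;
    return n;
}

/* Simulate one client connecting, owning two resources, then disconnecting.
 * Returns the number of dangling references left behind. */
int run_disconnect(bool fixed)
{
    memset(resources, 0, sizeof resources);
    n_freed = 0;

    ClientKbdState *s = calloc(1, sizeof *s);
    if (s == NULL)
        return -1;
    s->client_id = 42;
    add_resource(s);
    add_resource(s);

    if (fixed)
        client_cleanup_fixed(s);
    else
        client_cleanup_vulnerable(s);

    return dangling_count();
}

int main(void)
{
    printf("vulnerable cleanup: %d dangling reference(s)\n", run_disconnect(false));
    printf("fixed cleanup:      %d dangling reference(s)\n", run_disconnect(true));
    return 0;
}
```

The vulnerable run leaves two stale entries and the fixed run none. In the real server the stale entries are not counted but used, which is why the outcome ranges from a crash to memory corruption depending on what the allocator hands out at that address next; building with AddressSanitizer is the usual way to turn such a stale dereference into a deterministic report while testing a fix.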

Affected Version(s)

Red Hat Enterprise Linux 10 0:24.1.5-5.el10_0

Red Hat Enterprise Linux 10 0:24.1.5-5.el10_1

Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:1.20.4-33.el7_9


CVSS V3.1

Score:
7.3
Severity:
HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Credit

Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.