Memory Corruption Vulnerability in X.Org X Server's X Keyboard Extension
CVE-2025-62231

7.3HIGH

Key Information:

Vendor

X.org

Status
Xwayland
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6 Extended Lifecycle Support - Extension
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Vendor
CVE Published:
30 October 2025

What is CVE-2025-62231?

A flaw in the X.Org X Server's X Keyboard (Xkb) extension allows for improper bounds checking within the XkbSetCompatMap() function. This vulnerability can be exploited by an attacker who sends specially crafted input data, potentially leading to an overflow of an unsigned short value. Such an overflow can result in memory corruption, which may subsequently cause the server to crash, impacting the stability and security of systems relying on the X.Org platform.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Red Hat Enterprise Linux 10 0:24.1.5-5.el10_0

Red Hat Enterprise Linux 10 0:24.1.5-5.el10_1

Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION 0:1.1.0-25.el6_10.15

References

https://access.redhat.com/errata/RHSA-2025:19432
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:19433
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:19434
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.
JSON
.