Memory Corruption Vulnerability in X.Org X Server's X Keyboard Extension
CVE-2025-62231

7.3 HIGH

What is CVE-2025-62231?

A flaw in the X.Org X Server's X Keyboard (Xkb) extension stems from improper bounds checking within the XkbSetCompatMap() function. An attacker who sends specially crafted input data can exploit it, potentially causing an unsigned short value to overflow. Such an overflow can result in memory corruption, which may subsequently cause the server to crash, impacting the stability and security of systems relying on the X.Org platform.
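The bug class described above, shown as an added illustration that is not the X.Org source code: a sum of two request-supplied 16-bit values is stored in an unsigned short without a range check, next to a checked version. The struct, function names and error codes are hypothetical, and the sample values are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical map whose entry count lives in an unsigned short. */
struct compat_map {
    unsigned short num;   /* entries in use */
    unsigned short size;  /* entries allocated */
};

enum { OK = 0, ERR_BAD_VALUE = 1 };

/* Unchecked pattern: the true end index can reach 131070, but the
 * stored count is truncated modulo 65536, so the bookkeeping no longer
 * matches the range the caller goes on to write. */
static int set_range_unchecked(struct compat_map *m, uint16_t first,
                               uint16_t count, unsigned *true_end)
{
    unsigned end = (unsigned)first + count;
    m->num = (unsigned short)end;   /* silent wrap-around */
    *true_end = end;
    return OK;
}

/* Checked pattern: validate the wide sum before narrowing or storing. */
static int set_range_checked(struct compat_map *m, uint16_t first,
                             uint16_t count)
{
    unsigned end = (unsigned)first + count;
    if (end > USHRT_MAX || end > m->size)
        return ERR_BAD_VALUE;       /* reject, leave the map untouched */
    if (end > m->num)
        m->num = (unsigned short)end;
    return OK;
}

int main(void)
{
    struct compat_map m = { 0, 100 };
    unsigned end;

    set_range_unchecked(&m, 65530, 10, &end);   /* constructed input */
    printf("unchecked: true end=%u stored num=%u\n", end, (unsigned)m.num);

    m.num = 0;
    printf("checked:   rc=%d stored num=%u\n",
           set_range_checked(&m, 65530, 10), (unsigned)m.num);
    return 0;
}
```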

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.