CVE-2025-49175
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-12-11
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Out-of-Bounds Read issue in the X Rendering extension's handling of animated cursors within the xorg-x11-server, particularly affecting Xwayland and tigervnc components. The problem occurs because the server expects at least one cursor from the client, but if the client provides none, the server reads beyond the intended memory bounds, which can lead to a crash of the X server. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can cause the X server to crash, leading to denial of service on affected Linux systems running vulnerable versions of xorg-x11-server. This can disrupt normal operations and availability of graphical environments relying on Xwayland or tigervnc. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the xorg-x11-server package to a version that includes the fix for CVE-2025-49175. Since the issue affects Xwayland and tigervnc components on Linux systems, ensure these components are also updated. Avoid running untrusted clients that might send zero cursors to the X server until the patch is applied. [1]