A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00043.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus
Tigervnc
  • Tigervnc
X.org
  • X Server
  • Xwayland

Configuration 1 [-]

cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 10
xorg-x11-server-Xwayland-0:24.1.5-3.el10_0 cpe:/o:redhat:enterprise_linux:10.0 RHSA-2025:7458 2025-05-13T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Support
tigervnc-0:1.8.0-36.el7_9 cpe:/o:redhat:rhel_els:7 RHSA-2025:2861 2025-03-17T00:00:00Z
xorg-x11-server-0:1.20.4-30.el7_9 cpe:/o:redhat:rhel_els:7 RHSA-2025:2879 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8
tigervnc-0:1.13.1-15.el8_10 cpe:/a:redhat:enterprise_linux:8 RHSA-2025:2502 2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
tigervnc-0:1.9.0-15.el8_2.13 cpe:/a:redhat:rhel_aus:8.2 RHSA-2025:2866 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
tigervnc-0:1.11.0-8.el8_4.12 cpe:/a:redhat:rhel_aus:8.4 RHSA-2025:2865 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
tigervnc-0:1.11.0-8.el8_4.12 cpe:/a:redhat:rhel_tus:8.4 RHSA-2025:2865 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
tigervnc-0:1.11.0-8.el8_4.12 cpe:/a:redhat:rhel_e4s:8.4 RHSA-2025:2865 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
tigervnc-0:1.12.0-6.el8_6.13 cpe:/a:redhat:rhel_aus:8.6 RHSA-2025:2880 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
tigervnc-0:1.12.0-6.el8_6.13 cpe:/a:redhat:rhel_tus:8.6 RHSA-2025:2880 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
tigervnc-0:1.12.0-6.el8_6.13 cpe:/a:redhat:rhel_e4s:8.6 RHSA-2025:2880 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
tigervnc-0:1.12.0-15.el8_8.12 cpe:/a:redhat:rhel_eus:8.8 RHSA-2025:2862 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 9
tigervnc-0:1.14.1-1.el9_5.1 cpe:/a:redhat:enterprise_linux:9 RHSA-2025:2500 2025-03-10T00:00:00Z
xorg-x11-server-0:1.20.11-28.el9_6 cpe:/a:redhat:enterprise_linux:9 RHSA-2025:7163 2025-05-13T00:00:00Z
xorg-x11-server-Xwayland-0:23.2.7-3.el9_6 cpe:/a:redhat:enterprise_linux:9 RHSA-2025:7165 2025-05-13T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
tigervnc-0:1.11.0-22.el9_0.13 cpe:/a:redhat:rhel_e4s:9.0 RHSA-2025:2873 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
tigervnc-0:1.12.0-14.el9_2.10 cpe:/a:redhat:rhel_eus:9.2 RHSA-2025:2874 2025-03-17T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
tigervnc-0:1.13.1-8.el9_4.5 cpe:/a:redhat:rhel_eus:9.4 RHSA-2025:2875 2025-03-17T00:00:00Z

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References
Link Providers
https://access.redhat.com/errata/RHSA-2025:2500 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2502 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2861 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2862 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2865 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2866 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2873 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2874 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2875 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2879 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2880 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7163 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7165 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7458 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-26594 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2345248 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-26594 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-26594 cve-icon
History

Tue, 13 May 2025 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10.0
References

Tue, 13 May 2025 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::crb
References

Thu, 08 May 2025 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*		 cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*

Mon, 17 Mar 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2
cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.4
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6

Mon, 17 Mar 2025 05:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
References

Mon, 17 Mar 2025 05:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
References

Mon, 17 Mar 2025 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_e4s:8.4::appstream
cpe:/a:redhat:rhel_eus:9.2::appstream
cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/a:redhat:rhel_tus:8.4::appstream
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
References

Mon, 17 Mar 2025 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:8.8::appstream
Vendors & Products Redhat rhel Eus
References

Tue, 11 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9

Mon, 10 Mar 2025 13:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream
References

Tue, 04 Mar 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Tigervnc
Tigervnc tigervnc
X.org
X.org x Server
X.org xwayland
CPEs cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Tigervnc
Tigervnc tigervnc
X.org
X.org x Server
X.org xwayland

Wed, 26 Feb 2025 02:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Tue, 25 Feb 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 25 Feb 2025 16:00:00 +0000

Type Values Removed Values Added
Description A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
Title X.org: xwayland: use-after-free of the root cursor
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-416
CPEs cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T17:21:04.895Z

Reserved: 2025-02-12T14:12:22.795Z

Link: CVE-2025-26594

cve-icon Vulnrichment

Updated: 2025-02-25T20:14:10.810Z

cve-icon NVD

Status : Modified

Published: 2025-02-25T16:15:38.227

Modified: 2025-05-13T20:15:26.200

Link: CVE-2025-26594

cve-icon Redhat

Severity : Important

Publid Date: 2025-02-25T00:00:00Z

Links: CVE-2025-26594 - Bugzilla

cve-icon OpenCVE Enrichment

No data.