A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

References
Link Providers
https://access.redhat.com/errata/RHSA-2025:10258 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10342 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10343 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10344 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10346 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10347 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10348 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10349 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10350 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10351 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10352 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10355 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10356 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10360 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10370 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10374 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10375 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10376 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10377 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10378 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10381 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10410 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:9303 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:9304 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:9305 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:9306 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:9392 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:9964 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-49178 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2369977 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-49178 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-49178 cve-icon
History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00014}

epss

{'score': 0.00029}


Mon, 07 Jul 2025 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:8.8
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_e4s:9.2
cpe:/a:redhat:rhel_eus_long_life:8.4
cpe:/a:redhat:rhel_eus_long_life:8.6
cpe:/a:redhat:rhel_eus_long_life:8.8
cpe:/a:redhat:rhel_tus:8.6
cpe:/a:redhat:rhel_tus:8.8
cpe:/o:redhat:rhel_aus:7.7

Mon, 07 Jul 2025 14:30:00 +0000


Mon, 07 Jul 2025 08:30:00 +0000


Mon, 07 Jul 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
Redhat rhel Eus Long Life
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.8::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
Vendors & Products Redhat rhel E4s
Redhat rhel Eus Long Life
Redhat rhel Tus
References

Thu, 03 Jul 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.4

Wed, 02 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products Redhat rhel Eus
References

Tue, 01 Jul 2025 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2

Mon, 30 Jun 2025 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
CPEs cpe:/a:redhat:rhel_aus:8.2::appstream
Vendors & Products Redhat rhel Aus
References

Mon, 30 Jun 2025 15:00:00 +0000

Type Values Removed Values Added
Metrics threat_severity

Important

threat_severity

Moderate


Mon, 23 Jun 2025 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8
References

Mon, 23 Jun 2025 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9

Mon, 23 Jun 2025 06:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:9
cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb
cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb
cpe:/o:redhat:enterprise_linux:10.0
References

Wed, 18 Jun 2025 15:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Tue, 17 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 17 Jun 2025 15:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
Title Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-667
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T18:28:12.515Z

Reserved: 2025-06-03T05:38:02.947Z

Link: CVE-2025-49178

cve-icon Vulnrichment

Updated: 2025-06-17T15:05:21.157Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-06-17T15:15:45.813

Modified: 2025-07-07T15:15:26.997

Link: CVE-2025-49178

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-06-17T00:00:00Z

Links: CVE-2025-49178 - Bugzilla

cve-icon OpenCVE Enrichment

No data.