CVE-2025-49180 - Vulnerability Details

CVE-2025-49180 - Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00027.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 10
xorg-x11-server-Xwayland-0:24.1.5-4.el10_0	cpe:/o:redhat:enterprise_linux:10.0	RHSA-2025:9304	2025-06-23T00:00:00Z
Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
tigervnc-0:1.1.0-25.el6_10.1	cpe:/o:redhat:rhel_els:6	RHSA-2025:10377	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
tigervnc-0:1.8.0-17.el7_7.1	cpe:/o:redhat:rhel_aus:7.7	RHSA-2025:10376	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Support
xorg-x11-server-0:1.20.4-32.el7_9	cpe:/o:redhat:rhel_els:7	RHSA-2025:10360	2025-07-07T00:00:00Z
tigervnc-0:1.8.0-36.el7_9.2	cpe:/o:redhat:rhel_els:7	RHSA-2025:10375	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 8
xorg-x11-server-0:1.20.11-26.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:9305	2025-06-23T00:00:00Z
xorg-x11-server-Xwayland-0:21.1.3-18.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:9305	2025-06-23T00:00:00Z
tigervnc-0:1.15.0-7.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:9392	2025-06-23T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
tigervnc-0:1.9.0-15.el8_2.14	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:10378	2025-07-07T00:00:00Z
xorg-x11-server-0:1.20.6-4.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:9964	2025-06-30T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
xorg-x11-server-0:1.20.10-2.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:10342	2025-07-07T00:00:00Z
tigervnc-0:1.11.0-8.el8_4.13	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:10349	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support EXTENSION
xorg-x11-server-0:1.20.10-2.el8_4	cpe:/a:redhat:rhel_eus_long_life:8.4	RHSA-2025:10342	2025-07-07T00:00:00Z
tigervnc-0:1.11.0-8.el8_4.13	cpe:/a:redhat:rhel_eus_long_life:8.4	RHSA-2025:10349	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
tigervnc-0:1.12.0-6.el8_6.14	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:10344	2025-07-07T00:00:00Z
xorg-x11-server-Xwayland-0:21.1.3-2.el8_6.4	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:10346	2025-07-07T00:00:00Z
xorg-x11-server-0:1.20.11-5.el8_6.3	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:10356	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support EXTENSION
tigervnc-0:1.12.0-6.el8_6.14	cpe:/a:redhat:rhel_eus_long_life:8.6	RHSA-2025:10344	2025-07-07T00:00:00Z
xorg-x11-server-Xwayland-0:21.1.3-2.el8_6.4	cpe:/a:redhat:rhel_eus_long_life:8.6	RHSA-2025:10346	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
tigervnc-0:1.12.0-6.el8_6.14	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:10344	2025-07-07T00:00:00Z
xorg-x11-server-Xwayland-0:21.1.3-2.el8_6.4	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:10346	2025-07-07T00:00:00Z
xorg-x11-server-0:1.20.11-5.el8_6.3	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:10356	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
tigervnc-0:1.12.0-6.el8_6.14	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:10344	2025-07-07T00:00:00Z
xorg-x11-server-Xwayland-0:21.1.3-2.el8_6.4	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:10346	2025-07-07T00:00:00Z
xorg-x11-server-0:1.20.11-5.el8_6.3	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:10356	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support EXTENSION
xorg-x11-server-0:1.20.11-16.el8_8	cpe:/a:redhat:rhel_eus_long_life:8.8	RHSA-2025:10343	2025-07-07T00:00:00Z
xorg-x11-server-Xwayland-0:21.1.3-11.el8_8	cpe:/a:redhat:rhel_eus_long_life:8.8	RHSA-2025:10370	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 8.8 Telecommunications Update Service
xorg-x11-server-0:1.20.11-16.el8_8	cpe:/a:redhat:rhel_tus:8.8	RHSA-2025:10343	2025-07-07T00:00:00Z
tigervnc-0:1.12.0-15.el8_8.14	cpe:/a:redhat:rhel_tus:8.8	RHSA-2025:10355	2025-07-07T00:00:00Z
xorg-x11-server-Xwayland-0:21.1.3-11.el8_8	cpe:/a:redhat:rhel_tus:8.8	RHSA-2025:10370	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
xorg-x11-server-0:1.20.11-16.el8_8	cpe:/a:redhat:rhel_e4s:8.8	RHSA-2025:10343	2025-07-07T00:00:00Z
tigervnc-0:1.12.0-15.el8_8.14	cpe:/a:redhat:rhel_e4s:8.8	RHSA-2025:10355	2025-07-07T00:00:00Z
xorg-x11-server-Xwayland-0:21.1.3-11.el8_8	cpe:/a:redhat:rhel_e4s:8.8	RHSA-2025:10370	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 9
xorg-x11-server-0:1.20.11-31.el9_6	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:9303	2025-06-23T00:00:00Z
xorg-x11-server-Xwayland-0:23.2.7-4.el9_6	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:9303	2025-06-23T00:00:00Z
tigervnc-0:1.14.1-8.el9_6	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:9306	2025-06-23T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
xorg-x11-server-Xwayland-0:21.1.3-3.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:10348	2025-07-07T00:00:00Z
xorg-x11-server-0:1.20.11-11.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:10352	2025-07-07T00:00:00Z
tigervnc-0:1.11.0-22.el9_0.15	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:10381	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
xorg-x11-server-Xwayland-0:21.1.3-8.el9_2	cpe:/a:redhat:rhel_e4s:9.2	RHSA-2025:10347	2025-07-07T00:00:00Z
xorg-x11-server-0:1.20.11-18.el9_2	cpe:/a:redhat:rhel_e4s:9.2	RHSA-2025:10350	2025-07-07T00:00:00Z
tigervnc-0:1.12.0-14.el9_2.12	cpe:/a:redhat:rhel_e4s:9.2	RHSA-2025:10410	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
xorg-x11-server-Xwayland-0:22.1.9-6.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:10258	2025-07-02T00:00:00Z
xorg-x11-server-0:1.20.11-26.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:10351	2025-07-07T00:00:00Z
tigervnc-0:1.13.1-8.el9_4.7	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:10374	2025-07-07T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-4230-1	xorg-server security update
Debian DSA	DSA-5947-1	xorg-server security update
EUVD	EUVD-2025-18511	A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
Ubuntu USN	USN-7573-1	X.Org X Server vulnerabilities
Ubuntu USN	USN-7573-2	X.Org X Server vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:10258
https://access.redhat.com/errata/RHSA-2025:10342
https://access.redhat.com/errata/RHSA-2025:10343
https://access.redhat.com/errata/RHSA-2025:10344
https://access.redhat.com/errata/RHSA-2025:10346
https://access.redhat.com/errata/RHSA-2025:10347
https://access.redhat.com/errata/RHSA-2025:10348
https://access.redhat.com/errata/RHSA-2025:10349
https://access.redhat.com/errata/RHSA-2025:10350
https://access.redhat.com/errata/RHSA-2025:10351
https://access.redhat.com/errata/RHSA-2025:10352
https://access.redhat.com/errata/RHSA-2025:10355
https://access.redhat.com/errata/RHSA-2025:10356
https://access.redhat.com/errata/RHSA-2025:10360
https://access.redhat.com/errata/RHSA-2025:10370
https://access.redhat.com/errata/RHSA-2025:10374
https://access.redhat.com/errata/RHSA-2025:10375
https://access.redhat.com/errata/RHSA-2025:10376
https://access.redhat.com/errata/RHSA-2025:10377
https://access.redhat.com/errata/RHSA-2025:10378
https://access.redhat.com/errata/RHSA-2025:10381
https://access.redhat.com/errata/RHSA-2025:10410
https://access.redhat.com/errata/RHSA-2025:9303
https://access.redhat.com/errata/RHSA-2025:9304
https://access.redhat.com/errata/RHSA-2025:9305
https://access.redhat.com/errata/RHSA-2025:9306
https://access.redhat.com/errata/RHSA-2025:9392
https://access.redhat.com/errata/RHSA-2025:9964
https://access.redhat.com/security/cve/CVE-2025-49180
https://bugzilla.redhat.com/show_bug.cgi?id=2369981
https://nvd.nist.gov/vuln/detail/CVE-2025-49180
https://www.cve.org/CVERecord?id=CVE-2025-49180

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00015}`	epss `{'score': 0.00022}`

Mon, 07 Jul 2025 15:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:8.8 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_e4s:9.2 cpe:/a:redhat:rhel_eus_long_life:8.4 cpe:/a:redhat:rhel_eus_long_life:8.6 cpe:/a:redhat:rhel_eus_long_life:8.8 cpe:/a:redhat:rhel_tus:8.6 cpe:/a:redhat:rhel_tus:8.8 cpe:/o:redhat:rhel_aus:7.7

Mon, 07 Jul 2025 14:15:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:10381 https://access.redhat.com/errata/RHSA-2025:10410

Mon, 07 Jul 2025 08:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs	~~cpe:/o:redhat:enterprise_linux:7~~	cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_eus_long_life:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:7.7::server cpe:/o:redhat:rhel_els:6 cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Els
References		https://access.redhat.com/errata/RHSA-2025:10344 https://access.redhat.com/errata/RHSA-2025:10346 https://access.redhat.com/errata/RHSA-2025:10349 https://access.redhat.com/errata/RHSA-2025:10350 https://access.redhat.com/errata/RHSA-2025:10351 https://access.redhat.com/errata/RHSA-2025:10352 https://access.redhat.com/errata/RHSA-2025:10355 https://access.redhat.com/errata/RHSA-2025:10356 https://access.redhat.com/errata/RHSA-2025:10360 https://access.redhat.com/errata/RHSA-2025:10370 https://access.redhat.com/errata/RHSA-2025:10374 https://access.redhat.com/errata/RHSA-2025:10375 https://access.redhat.com/errata/RHSA-2025:10376 https://access.redhat.com/errata/RHSA-2025:10377 https://access.redhat.com/errata/RHSA-2025:10378

Mon, 07 Jul 2025 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s Redhat rhel Eus Long Life Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
Vendors & Products		Redhat rhel E4s Redhat rhel Eus Long Life Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:10342 https://access.redhat.com/errata/RHSA-2025:10343 https://access.redhat.com/errata/RHSA-2025:10347 https://access.redhat.com/errata/RHSA-2025:10348

Thu, 03 Jul 2025 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.4

Wed, 02 Jul 2025 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:10258

Tue, 01 Jul 2025 02:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.2

Mon, 30 Jun 2025 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus
CPEs		cpe:/a:redhat:rhel_aus:8.2::appstream
Vendors & Products		Redhat rhel Aus
References		https://access.redhat.com/errata/RHSA-2025:9964

Mon, 30 Jun 2025 08:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Mon, 23 Jun 2025 18:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~
References		https://access.redhat.com/errata/RHSA-2025:9392

Mon, 23 Jun 2025 14:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9

Mon, 23 Jun 2025 06:45:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:9	cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:10.0
References		https://access.redhat.com/errata/RHSA-2025:9303 https://access.redhat.com/errata/RHSA-2025:9304 https://access.redhat.com/errata/RHSA-2025:9305 https://access.redhat.com/errata/RHSA-2025:9306

Wed, 18 Jun 2025 15:00:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-49180 https://www.cve.org/CVERecord?id=CVE-2025-49180
Metrics	threat_severity `None`	threat_severity `Important`

Tue, 17 Jun 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 17 Jun 2025 15:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
Title		Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension
First Time appeared		Redhat Redhat enterprise Linux
Weaknesses		CWE-190
CPEs		cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2025-49180 https://bugzilla.redhat.com/show_bug.cgi?id=2369981
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-06-17T15:00:18.145Z

Updated: 2025-09-25T18:04:33.535Z

Reserved: 2025-06-03T05:38:02.947Z

Link: CVE-2025-49180

Vulnrichment

Updated: 2025-06-17T15:36:41.758Z

NVD

Status : Awaiting Analysis

Published: 2025-06-17T15:15:46.183

Modified: 2025-07-07T14:15:24.877

Link: CVE-2025-49180

Redhat

Severity : Important

Publid Date: 2025-06-17T00:00:00Z

Links: CVE-2025-49180 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object