Description
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
Published: 2025-10-30
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A flaw was identified in the X.Org X server and Xwayland components where processing X11 Present extension notifications. During notification creation the server mishandles errors, leaving dangling pointers that trigger a use‑after‑free. This memory corruption can crash the server or, in the worst case, allow an attacker to execute arbitrary code. The weakness is classified as CWE‑416.

Affected Systems

All editions of Red Hat Enterprise Linux 6, 7, 8 and 9, including their various extended support and specialized update streams (EUS, AUS, E4S, TUS, etc.) are affected, as is the X.org Xwayland package. The vulnerability stems from the core X server and does not target a specific sub‑component version, so any installation of X.Org X server that is not patched is potentially vulnerable. Users should verify that their systems run the updated X server released by Red Hat in the associated errata (RHSA‑2025:19432 and subsequent pages).

Risk and Exploitability

The CVSS score of 7.3 reflects a high impact and moderate complexity, while the EPSS score of less than 1% indicates a very low probability of exploitation at this moment. The vulnerability is not listed in the CISA KEV catalog. The attack vector is likely local, requiring the attacker to be able to send X11 Present notifications to the server, which is typical for a compromised user or for a remote application that can communicate over the X display protocol. Patching remains the primary defense.

Generated by OpenCVE AI on April 20, 2026 at 16:17 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

OpenCVE Recommended Actions

  • Apply the Red Hat Security Update packages listed in errata RHSA-2025:19432, RHSA-2025:19433, RHSA-2025:19434, RHSA-2025:19435, RHSA-2025:19489, RHSA-2025:19623, and all subsequent updates through RHSA-2025:22667 that contain the patch for the X server.
  • Restart any running X server sessions or the entire system to ensure that the updated binaries take effect and the use‑after‑free condition is removed.
  • After patching, confirm that the X server does not crash or process unexpected Present notifications by monitoring logs for “X server crash” or “X server bug” entries; remediation of any residual memory usage would involve reviewing custom extensions or third‑party X server modules.

Generated by OpenCVE AI on April 20, 2026 at 16:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4353-1 xorg-server security update
Debian DSA Debian DSA DSA-6044-1 xorg-server security update
References
Link Providers
http://www.openwall.com/lists/oss-security/2025/10/28/7 cve-icon
https://access.redhat.com/errata/RHSA-2025:19432 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19433 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19434 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19435 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19489 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19623 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19909 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:20958 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:20960 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:20961 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:21035 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22040 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22041 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22051 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22055 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22056 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22077 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22096 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22164 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22167 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22364 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22365 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22426 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22427 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22667 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22729 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22742 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22753 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0031 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0033 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0034 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0035 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0036 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-62229 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2402649 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html cve-icon
https://lists.x.org/archives/xorg-announce/2025-October/003635.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-62229 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-62229 cve-icon
History

Mon, 20 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
References

Thu, 26 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 05 Jan 2026 10:30:00 +0000

Type Values Removed Values Added
References

Mon, 05 Jan 2026 06:30:00 +0000

Type Values Removed Values Added
References

Thu, 04 Dec 2025 17:15:00 +0000

Type Values Removed Values Added
References

Thu, 04 Dec 2025 11:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.4::crb
References

Thu, 04 Dec 2025 08:00:00 +0000

Type Values Removed Values Added
References

Wed, 03 Dec 2025 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhel_els:6
References

Mon, 01 Dec 2025 19:00:00 +0000

Type Values Removed Values Added
References

Mon, 01 Dec 2025 07:00:00 +0000

Type Values Removed Values Added
References

Wed, 26 Nov 2025 07:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus Long Life
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Vendors & Products Redhat rhel Eus Long Life
References

Wed, 26 Nov 2025 05:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
References

Tue, 25 Nov 2025 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:7
References

Tue, 25 Nov 2025 13:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2::appstream
References

Tue, 25 Nov 2025 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
References

Tue, 25 Nov 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products Redhat rhel Eus
References

Tue, 25 Nov 2025 08:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
References

Tue, 25 Nov 2025 08:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
References

Tue, 25 Nov 2025 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
References

Tue, 11 Nov 2025 20:45:00 +0000

Type Values Removed Values Added
References

Tue, 11 Nov 2025 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10.1
References

Tue, 11 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
References

Thu, 06 Nov 2025 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8
References

Tue, 04 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Tue, 04 Nov 2025 10:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9
References

Mon, 03 Nov 2025 16:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 16:15:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 10:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb
cpe:/o:redhat:enterprise_linux:10.0
References

Mon, 03 Nov 2025 09:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb
References

Thu, 30 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Oct 2025 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 30 Oct 2025 05:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
Title Xorg: xmayland: use-after-free in xpresentnotify structure creation
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-416
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H'}

Subscriptions

Redhat Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-20T13:50:16.096Z

Reserved: 2025-10-09T04:46:44.074Z

Link: CVE-2025-62229

cve-icon Vulnrichment

Updated: 2025-11-04T21:14:17.039Z

cve-icon NVD

Status : Deferred

Published: 2025-10-30T06:15:45.300

Modified: 2026-04-20T14:16:11.950

Link: CVE-2025-62229

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-10-29T00:00:00Z

Links: CVE-2025-62229 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T16:30:06Z

Weaknesses