Description
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
Published: 2025-10-30
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Use‑after‑free memory corruption potentially causing crashes
Action: Patch
AI Analysis

Impact

A flaw in the X.Org X server’s X Keyboard (Xkb) extension frees a data structure without properly detaching related resources during client cleanup. The resulting use‑after‑free can corrupt memory or cause the X server to crash when a client disconnects, which leads to denial of service. The weakness is classified as CWE‑416.

Affected Systems

The vulnerability affects Red Hat Enterprise Linux distributions, including RHEL 6, 7, 8, 9, 10 and the X.Org Xwayland component. Specific version ranges are not listed in the supplied data; however, the referenced Red Hat errata indicate that multiple RHEL releases have mitigations in place. Apart from RHEL, any installation of X.org Xwayland is potentially impacted.

Risk and Exploitability

The CVSS score of 7.3 indicates moderate to high severity, while the EPSS score of less than 1% suggests a low current likelihood of exploitation. The flaw is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker requires a client connected to the X server that triggers the cleanup logic; thus the attack vector is most likely local to the host running the X server, or could be remote if the server accepts untrusted network connections. Exploitation would lead to a crash rather than code execution, but repeated crashes could disrupt availability and serve as a foothold for further attacks if the system is otherwise compromised.

Generated by OpenCVE AI on April 20, 2026 at 16:18 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

OpenCVE Recommended Actions

  • Apply the Red Hat errata updates that address the XWayland Xkb use‑after‑free flaw, such as RHSA‑2025‑19432, RHSA‑2025‑19433, RHSA‑2025‑19434, and RHSA‑2025‑19435.
  • Update the X.Org Xwayland package to the latest available release that includes the announced fix.
  • If an immediate patch is unavailable, minimize exposure by restricting untrusted clients to the X server, or move the X server behind a firewall to prevent external connections.

Generated by OpenCVE AI on April 20, 2026 at 16:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4353-1 xorg-server security update
Debian DSA Debian DSA DSA-6044-1 xorg-server security update
References
Link Providers
http://www.openwall.com/lists/oss-security/2025/10/28/7 cve-icon
https://access.redhat.com/errata/RHSA-2025:19432 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19433 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19434 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19435 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19489 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19623 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19909 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:20958 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:20960 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:20961 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:21035 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22040 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22041 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22051 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22055 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22056 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22077 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22096 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22164 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22167 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22364 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22365 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22426 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22427 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22667 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22729 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22742 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22753 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0031 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0033 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0034 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0035 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0036 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-62230 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2402653 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html cve-icon
https://lists.x.org/archives/xorg-announce/2025-October/003635.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-62230 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-62230 cve-icon
History

Mon, 20 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
References

Thu, 26 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 05 Jan 2026 10:30:00 +0000

Type Values Removed Values Added
References

Mon, 05 Jan 2026 06:30:00 +0000

Type Values Removed Values Added
References

Thu, 04 Dec 2025 17:15:00 +0000

Type Values Removed Values Added
References

Thu, 04 Dec 2025 11:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.4::crb
References

Thu, 04 Dec 2025 08:00:00 +0000

Type Values Removed Values Added
References

Wed, 03 Dec 2025 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhel_els:6
References

Mon, 01 Dec 2025 19:00:00 +0000

Type Values Removed Values Added
References

Mon, 01 Dec 2025 07:00:00 +0000

Type Values Removed Values Added
References

Wed, 26 Nov 2025 07:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus Long Life
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Vendors & Products Redhat rhel Eus Long Life
References

Wed, 26 Nov 2025 05:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
References

Tue, 25 Nov 2025 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:7
References

Tue, 25 Nov 2025 13:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2::appstream
References

Tue, 25 Nov 2025 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
References

Tue, 25 Nov 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products Redhat rhel Eus
References

Tue, 25 Nov 2025 08:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
References

Tue, 25 Nov 2025 08:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
References

Tue, 25 Nov 2025 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
References

Tue, 11 Nov 2025 20:45:00 +0000

Type Values Removed Values Added
References

Tue, 11 Nov 2025 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10.1
References

Tue, 11 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
References

Thu, 06 Nov 2025 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8
References

Tue, 04 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Tue, 04 Nov 2025 10:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9
References

Mon, 03 Nov 2025 18:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 16:15:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 10:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb
cpe:/o:redhat:enterprise_linux:10.0
References

Mon, 03 Nov 2025 09:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb
References

Thu, 30 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Oct 2025 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 30 Oct 2025 05:30:00 +0000

Type Values Removed Values Added
Description A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
Title Xorg: xwayland: use-after-free in xkb client resource removal
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-416
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H'}

Subscriptions

Redhat Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-20T13:50:16.428Z

Reserved: 2025-10-09T04:46:44.074Z

Link: CVE-2025-62230

cve-icon Vulnrichment

Updated: 2025-11-04T21:14:18.339Z

cve-icon NVD

Status : Deferred

Published: 2025-10-30T06:15:45.593

Modified: 2026-04-20T14:16:15.090

Link: CVE-2025-62230

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-10-29T00:00:00Z

Links: CVE-2025-62230 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T16:30:06Z

Weaknesses