Description
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
Published: 2025-10-30
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption
Action: Apply Patch
AI Analysis

Impact

The vulnerability lies in the X.Org X server’s X Keyboard extension where an unsigned short overflow can occur in the XkbSetCompatMap() function due to improper bounds checking. When an attacker sends specially crafted input, the overflow can lead to memory corruption or a crash, potentially compromising the integrity and confidentiality of the system. This weakness is identified as a classic integer overflow (CWE-190).

Affected Systems

Red Hat Enterprise Linux 6 through 10, including all extended lifecycle, advanced, and updates support channels, as well as the X.Org Xwayland implementation. The Red Hat errata catalog lists multiple updates for RHEL 6, 7, 8, 9, 10 and Xwayland to address this flaw.

Risk and Exploitability

The vulnerability has a CVSS score of 7.3, indicating high severity, but the EPSS score is less than 1%, suggesting a low probability of exploitation at this time. It is not listed in CISA’s KEV. A likely attack vector is a remote attacker able to send forged XKB protocol data to a running X server, causing overflow and memory corruption. The exploit would require the attacker to be able to connect to the X server, which typically means a trusted local or remote client on the X network. The lack of a public workaround means that only patching mitigates the risk.

Generated by OpenCVE AI on April 20, 2026 at 15:29 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

OpenCVE Recommended Actions

  • Apply all relevant Red Hat errata updates for the affected RHEL version (e.g., RHSA-2025:19432 or later).
  • Ensure the X server package is upgraded to the patched version that includes proper bounds checking in XkbSetCompatMap().
  • Restrict or monitor X client connections to prevent untrusted input; configure the X server or firewall to only accept trusted clients.

Generated by OpenCVE AI on April 20, 2026 at 15:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4353-1 xorg-server security update
Debian DSA Debian DSA DSA-6044-1 xorg-server security update
References
Link Providers
http://www.openwall.com/lists/oss-security/2025/10/28/7 cve-icon
https://access.redhat.com/errata/RHSA-2025:19432 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19433 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19434 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19435 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19489 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19623 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19909 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:20958 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:20960 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:20961 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:21035 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22040 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22041 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22051 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22055 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22056 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22077 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22096 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22164 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22167 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22364 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22365 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22426 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22427 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22667 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22729 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22742 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:22753 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0031 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0033 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0034 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0035 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0036 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-62231 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2402660 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html cve-icon
https://lists.x.org/archives/xorg-announce/2025-October/003635.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-62231 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-62231 cve-icon
History

Mon, 20 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
References

Thu, 26 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 05 Jan 2026 10:30:00 +0000

Type Values Removed Values Added
References

Mon, 05 Jan 2026 06:30:00 +0000

Type Values Removed Values Added
References

Thu, 04 Dec 2025 17:15:00 +0000

Type Values Removed Values Added
References

Thu, 04 Dec 2025 11:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.4::crb
References

Thu, 04 Dec 2025 08:00:00 +0000

Type Values Removed Values Added
References

Wed, 03 Dec 2025 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhel_els:6
References

Mon, 01 Dec 2025 19:00:00 +0000

Type Values Removed Values Added
References

Mon, 01 Dec 2025 07:00:00 +0000

Type Values Removed Values Added
References

Wed, 26 Nov 2025 07:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus Long Life
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Vendors & Products Redhat rhel Eus Long Life
References

Wed, 26 Nov 2025 05:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
References

Tue, 25 Nov 2025 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:7
References

Tue, 25 Nov 2025 13:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2::appstream
References

Tue, 25 Nov 2025 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
References

Tue, 25 Nov 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
Vendors & Products Redhat rhel Eus
References

Tue, 25 Nov 2025 08:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
References

Tue, 25 Nov 2025 08:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
References

Tue, 25 Nov 2025 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
References

Tue, 11 Nov 2025 20:45:00 +0000

Type Values Removed Values Added
References

Tue, 11 Nov 2025 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10.1
References

Tue, 11 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
References

Thu, 06 Nov 2025 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8
References

Tue, 04 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Tue, 04 Nov 2025 10:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9
References

Mon, 03 Nov 2025 18:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 16:15:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 10:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb
cpe:/o:redhat:enterprise_linux:10.0
References

Mon, 03 Nov 2025 09:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb
References

Thu, 30 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Oct 2025 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 30 Oct 2025 06:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H'}

Thu, 30 Oct 2025 05:15:00 +0000

Type Values Removed Values Added
Description A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
Title Xorg: xmayland: value overflow in xkbsetcompatmap()
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-190
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Redhat Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-20T13:50:20.474Z

Reserved: 2025-10-09T04:46:44.074Z

Link: CVE-2025-62231

cve-icon Vulnrichment

Updated: 2025-11-04T21:14:19.743Z

cve-icon NVD

Status : Deferred

Published: 2025-10-30T05:15:39.120

Modified: 2026-04-20T14:16:15.933

Link: CVE-2025-62231

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-10-29T00:00:00Z

Links: CVE-2025-62231 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T15:30:06Z

Weaknesses