Vulnerability DatabaseCVE-2025-62229
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-62229
October 30, 2025
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
Affected Packages
https://gitlab.freedesktop.org/xorg/xserver.git (SCM_GIT):
Affected version(s) >=xwayland-24.0.99.901 <xwayland-24.1.9
Fix Suggestion:
Update to version xwayland-24.1.9
https://gitlab.freedesktop.org/xorg/xserver.git (SCM_GIT):
Affected version(s) >=xorg-server-21.1.14 <xorg-server-21.1.19
Fix Suggestion:
Update to version xorg-server-21.1.19
Additional Notes
The description of this vulnerability differs from MITRE.
Related Resources (38)
https://access.redhat.com/errata/RHSA-2026:0036
https://access.redhat.com/errata/RHSA-2025:22164
https://access.redhat.com/errata/RHSA-2025:21035
https://access.redhat.com/errata/RHSA-2025:22742
https://access.redhat.com/errata/RHSA-2025:19435
https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
https://access.redhat.com/errata/RHSA-2025:20961
https://access.redhat.com/errata/RHSA-2025:22041
https://access.redhat.com/errata/RHSA-2025:22051
https://access.redhat.com/errata/RHSA-2026:0033
https://access.redhat.com/errata/RHSA-2025:19432
https://access.redhat.com/errata/RHSA-2025:19433
https://access.redhat.com/errata/RHSA-2025:22040
https://access.redhat.com/errata/RHSA-2025:22667
https://access.redhat.com/errata/RHSA-2025:22426
https://access.redhat.com/security/cve/CVE-2025-62229
https://access.redhat.com/errata/RHSA-2025:19489
https://access.redhat.com/errata/RHSA-2025:20958
https://access.redhat.com/errata/RHSA-2025:22056
https://access.redhat.com/errata/RHSA-2026:0031
https://access.redhat.com/errata/RHSA-2025:19434
https://access.redhat.com/errata/RHSA-2025:22753
https://access.redhat.com/errata/RHSA-2025:22427
https://access.redhat.com/errata/RHSA-2026:0034
https://access.redhat.com/errata/RHSA-2025:22055
https://access.redhat.com/errata/RHSA-2025:19909
https://access.redhat.com/errata/RHSA-2026:0035
https://access.redhat.com/errata/RHSA-2025:22364
https://access.redhat.com/errata/RHSA-2025:22365
https://bugzilla.redhat.com/show_bug.cgi?id=2402649
https://seclists.org/oss-sec/2025/q4/92
https://access.redhat.com/errata/RHSA-2025:22077
https://access.redhat.com/errata/RHSA-2025:22167
https://access.redhat.com/errata/RHSA-2025:20960
https://access.redhat.com/errata/RHSA-2025:22729
http://www.openwall.com/lists/oss-security/2025/10/28/7
https://access.redhat.com/errata/RHSA-2025:19623
https://access.redhat.com/errata/RHSA-2025:22096
Do you need more information?
Contact Us
CVSS v4
Base Score:
7
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Use After Free
CWE-416
EPSS
Base Score:
0.01