Vulnerability DatabaseCVE-2025-62230
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-62230
October 30, 2025
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
Affected Packages
https://gitlab.freedesktop.org/xorg/xserver.git (SCM_GIT):
Affected version(s) >=xwayland-24.0.99.901 <xwayland-24.1.9
Fix Suggestion:
Update to version xwayland-24.1.9
https://gitlab.freedesktop.org/xorg/xserver.git (SCM_GIT):
Affected version(s) >=xorg-server-21.1.14 <xorg-server-21.1.19
Fix Suggestion:
Update to version xorg-server-21.1.19
Additional Notes
The description of this vulnerability differs from MITRE.
Related Resources (38)
https://access.redhat.com/errata/RHSA-2025:19435
https://access.redhat.com/errata/RHSA-2026:0034
https://access.redhat.com/errata/RHSA-2025:22167
https://access.redhat.com/errata/RHSA-2025:22096
https://access.redhat.com/errata/RHSA-2025:22365
https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html
https://access.redhat.com/security/cve/CVE-2025-62230
https://access.redhat.com/errata/RHSA-2026:0036
https://access.redhat.com/errata/RHSA-2025:22742
https://access.redhat.com/errata/RHSA-2025:22056
https://access.redhat.com/errata/RHSA-2025:20960
https://access.redhat.com/errata/RHSA-2025:22041
https://access.redhat.com/errata/RHSA-2025:19623
https://access.redhat.com/errata/RHSA-2025:20958
https://access.redhat.com/errata/RHSA-2025:22364
https://bugzilla.redhat.com/show_bug.cgi?id=2402653
https://access.redhat.com/errata/RHSA-2025:19432
https://seclists.org/oss-sec/2025/q4/92
https://access.redhat.com/errata/RHSA-2025:19434
https://access.redhat.com/errata/RHSA-2025:19489
https://access.redhat.com/errata/RHSA-2025:22164
https://access.redhat.com/errata/RHSA-2025:20961
https://access.redhat.com/errata/RHSA-2025:22040
https://access.redhat.com/errata/RHSA-2025:22729
https://access.redhat.com/errata/RHSA-2026:0033
https://access.redhat.com/errata/RHSA-2026:0031
https://access.redhat.com/errata/RHSA-2025:22055
https://access.redhat.com/errata/RHSA-2026:0035
https://access.redhat.com/errata/RHSA-2025:22051
https://access.redhat.com/errata/RHSA-2025:22667
https://access.redhat.com/errata/RHSA-2025:22077
https://access.redhat.com/errata/RHSA-2025:19433
https://access.redhat.com/errata/RHSA-2025:22753
https://access.redhat.com/errata/RHSA-2025:22427
http://www.openwall.com/lists/oss-security/2025/10/28/7
https://access.redhat.com/errata/RHSA-2025:21035
https://access.redhat.com/errata/RHSA-2025:22426
https://access.redhat.com/errata/RHSA-2025:19909
Do you need more information?
Contact Us
CVSS v4
Base Score:
7
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
LOW
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
HIGH
Weakness Type (CWE)
Use After Free
CWE-416
EPSS
Base Score:
0.01