CVE-2025-62231 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-62231

CVE-2025-62231

October 30, 2025

A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.

Affected Packages

https://gitlab.freedesktop.org/xorg/xserver.git (SCM_GIT):

Affected version(s) >=xwayland-24.0.99.901 <xwayland-24.1.9

Fix Suggestion:

Update to version xwayland-24.1.9

https://gitlab.freedesktop.org/xorg/xserver.git (SCM_GIT):

Affected version(s) >=xorg-server-21.1.14 <xorg-server-21.1.19

Fix Suggestion:

Update to version xorg-server-21.1.19

Additional Notes

The description of this vulnerability differs from MITRE.

Related Resources (38)

https://access.redhat.com/errata/RHSA-2026:0034

https://access.redhat.com/errata/RHSA-2026:0031

https://access.redhat.com/errata/RHSA-2025:22167

https://access.redhat.com/errata/RHSA-2025:22041

https://access.redhat.com/errata/RHSA-2025:19435

https://access.redhat.com/errata/RHSA-2025:19434

https://access.redhat.com/errata/RHSA-2025:22077

https://seclists.org/oss-sec/2025/q4/92

https://access.redhat.com/errata/RHSA-2025:22426

https://access.redhat.com/errata/RHSA-2026:0035

https://access.redhat.com/errata/RHSA-2025:22364

https://lists.debian.org/debian-lts-announce/2025/10/msg00033.html

https://access.redhat.com/errata/RHSA-2025:19432

https://access.redhat.com/errata/RHSA-2025:20961

https://access.redhat.com/errata/RHSA-2026:0033

https://access.redhat.com/security/cve/CVE-2025-62231

https://access.redhat.com/errata/RHSA-2025:22753

https://access.redhat.com/errata/RHSA-2025:22096

https://access.redhat.com/errata/RHSA-2025:19909

https://access.redhat.com/errata/RHSA-2025:20960

https://access.redhat.com/errata/RHSA-2025:22427

https://access.redhat.com/errata/RHSA-2025:22164

https://access.redhat.com/errata/RHSA-2026:0036

https://access.redhat.com/errata/RHSA-2025:22742

https://access.redhat.com/errata/RHSA-2025:22365

https://access.redhat.com/errata/RHSA-2025:19433

https://access.redhat.com/errata/RHSA-2025:19623

https://access.redhat.com/errata/RHSA-2025:22056

https://access.redhat.com/errata/RHSA-2025:22051

https://access.redhat.com/errata/RHSA-2025:19489

https://access.redhat.com/errata/RHSA-2025:22040

https://bugzilla.redhat.com/show_bug.cgi?id=2402660

https://access.redhat.com/errata/RHSA-2025:22729

https://access.redhat.com/errata/RHSA-2025:22055

https://access.redhat.com/errata/RHSA-2025:20958

https://access.redhat.com/errata/RHSA-2025:22667

http://www.openwall.com/lists/oss-security/2025/10/28/7

https://access.redhat.com/errata/RHSA-2025:21035

Do you need more information?

CVSS v4

Base Score:

7

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

LOW

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

HIGH

Weakness Type (CWE)

Integer Overflow or Wraparound

EPSS

Base Score:

0.01