CVE-2025-26594

Published Feb 25, 2025

Last updated 6 months ago

CVSS high 7.8

Overview

Description
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
Source
secalert@redhat.com
NVD status
Modified
Products
tigervnc, x_server, xwayland, enterprise_linux

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-416
nvd@nist.gov
CWE-416

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-26594 🔴 HIGH (7.8) 🏢 Red Hat - Red Hat Enterprise Linux 6 🏗️ None 🔗 https://t.co/2mBSqvaygX 🔗 https://t.co/oqNU2AQTsU #CyberCron #VulnAlert @RedHat https://t.co/mD5N5WA9X1

    @cybercronai

    27 Feb 2025

    13 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 #CVE-2025-26594 - XOrg Server and Xwayland Vulnerability: Detection and Mitigation https://t.co/eN6AcY3BeG

    @UndercodeUpdate

    25 Feb 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-26594 A use-after-free flaw was found in https://t.co/NfcYnrk5RQ and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the inte… https://t.co/W4JyNfS4zC

    @CVEnew

    25 Feb 2025

    348 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.