CVE-2025-62229 — Use After Free in Xwayland

CWE-416 — Use After Free8 documents8 sources

Severity

7.3HIGHNVD

EPSS

0.0%

top 97.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xwayland X.org Xorg-server

Timeline

PublishedOct 30

Description

A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:HExploitability: 1.8 | Impact: 5.5

Affected Packages3 packages

▶CVEListV5x.org/xwayland1.15.0 — 24.1.9

▶Debianx.org/xwayland< 2:24.1.9-1

▶Debianx.org/xorg-server< 2:1.20.11-1+deb11u17+3

🔴Vulnerability Details

GHSA

GHSA-49pm-cgmh-hw25: A flaw was found in the X↗2025-10-30

▶

OSV

CVE-2025-62229: A flaw was found in the X↗2025-10-30

▶

CVEList

Xorg: xmayland: use-after-free in xpresentnotify structure creation↗2025-10-30

▶

📋Vendor Advisories

Red Hat

xorg: xmayland: Use-after-free in XPresentNotify structure creation↗2025-10-29

▶

Ubuntu

X.Org X Server vulnerabilities↗2025-10-29

▶

Microsoft

Xorg: xmayland: use-after-free in xpresentnotify structure creation↗2025-10-14

▶

Debian

CVE-2025-62229: xorg-server - A flaw was found in the X.Org X server and Xwayland when processing X11 Present ...↗2025

▶