CVE-2025-62230: Use After Free in Xwayland

CWE-416: Use After Free (8 documents, 8 sources)
Severity: 7.3 HIGH (NVD)
EPSS: 0.0% (top 98.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 30

Description

A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Exploitability: 1.8 | Impact: 5.5

Affected Packages (3 packages)

Source      Package             Affected versions
CVEListV5   x.org/xwayland      < 24.1.9
Debian      x.org/xwayland      < 2:24.1.9-1
Debian      x.org/xorg-server   < 2:1.20.11-1+deb11u17+3

Vulnerability Details (3)

GHSA (2025-10-30): GHSA-892r-x96w-jh76: A flaw was discovered in the X
CVEList (2025-10-30): Xorg: xwayland: use-after-free in xkb client resource removal
OSV (2025-10-30): CVE-2025-62230: A flaw was discovered in the X

Vendor Advisories (4)

Red Hat (2025-10-29): xorg: xwayland: Use-after-free in Xkb client resource removal
Ubuntu (2025-10-29): X.Org X Server vulnerabilities
Microsoft (2025-10-14): Xorg: xwayland: use-after-free in xkb client resource removal
Debian (2025): CVE-2025-62230: xorg-server - A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when ha...
CVE-2025-62230 — Use After Free in X.org Xwayland | cvebase