CVE-2025-62231

CWE-190 — Integer Overflow8 documents8 sources

Severity

7.3HIGH

EPSS

0.0%

top 98.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xwayland

Timeline

PublishedOct 30

Description

A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:HExploitability: 1.8 | Impact: 5.5

Affected Packages3 packages

▶CVEListV5x.org/xwayland< 24.1.9

▶Debianxwayland< 2:24.1.9-1

▶Debianxorg-server< 2:1.20.11-1+deb11u17+3

🔴Vulnerability Details

CVEList

Xorg: xmayland: value overflow in xkbsetcompatmap()↗2025-10-30

▶

GHSA

GHSA-h4r4-6hvf-34r8: A flaw was identified in the X↗2025-10-30

▶

OSV

CVE-2025-62231: A flaw was identified in the X↗2025-10-30

▶

📋Vendor Advisories

Ubuntu

X.Org X Server vulnerabilities↗2025-10-29

▶

Red Hat

xorg: xmayland: Value overflow in XkbSetCompatMap()↗2025-10-29

▶

Microsoft

Xorg: xmayland: value overflow in xkbsetcompatmap()↗2025-10-14

▶

Debian

CVE-2025-62231: xorg-server - A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where i...↗2025

▶