CVE-2025-26595: Xorg: xwayland: buffer overflow in XkbVModMaskText()

Description

A stack-based buffer overflow flaw was found in X.Org and Xwayland. XkbVModMaskText() allocates a fixed-size buffer on the stack and copies the names of the virtual modifiers into it. The code does not check the bounds of that buffer and copies the names regardless of their combined length, so names longer than the buffer overwrite adjacent stack memory.
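As an added illustration in C (not X.Org or Xwayland code), the pattern the description refers to: a fixed-size stack buffer receives the "+"-joined names of every virtual modifier set in a mask with no length check, next to a version that tracks the remaining space and refuses a mask that would not fit. The modifier names, the 32-byte buffer, the eight-slot mask layout and all function names here are constructed for the demo and are not taken from the X.Org sources.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_VMODS 8   /* assumed: number of virtual-modifier slots in the mask */
#define BUF_SIZE  32  /* assumed: size of the fixed stack buffer */

/* Constructed names. The last one is deliberately longer than BUF_SIZE and
 * stands in for a client-controlled name. */
static const char *vmod_names[NUM_VMODS] = {
    "NumLock", "Alt", "LevelThree", "Super", "Meta", "Hyper", "ScrollLock",
    "AAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAA"  /* 48 bytes */
};

/* Bytes needed, including the terminating NUL, to join the names of all set
 * bits with "+". This is the number the unchecked code never compares
 * against its buffer size. */
size_t vmod_mask_text_len(uint32_t mask)
{
    size_t n = 0;
    int first = 1;
    for (int i = 0; i < NUM_VMODS; i++) {
        if (!(mask & (1u << i))) continue;
        if (!first) n += 1;                 /* '+' separator */
        n += strlen(vmod_names[i]);
        first = 0;
    }
    return n + 1;
}

/* The pattern the advisory describes: a fixed-size stack buffer filled with
 * strcat() and no comparison against BUF_SIZE. Names totalling more than
 * BUF_SIZE - 1 bytes run past the end of buf[] on the stack. Kept only for
 * contrast; the demo never calls it with a mask that overflows. */
void vmod_mask_text_unchecked(uint32_t mask, char *out, size_t out_size)
{
    char buf[BUF_SIZE];
    buf[0] = '\0';
    for (int i = 0; i < NUM_VMODS; i++) {
        if (!(mask & (1u << i))) continue;
        if (buf[0] != '\0') strcat(buf, "+");
        strcat(buf, vmod_names[i]);         /* no bounds check */
    }
    snprintf(out, out_size, "%s", buf);
}

/* Bounds-checked version: tracks the bytes used and returns -1 before the
 * next name (plus separator and NUL) would exceed the buffer. On success the
 * result is copied to out and 0 is returned. */
int vmod_mask_text_checked(uint32_t mask, char *out, size_t out_size)
{
    char buf[BUF_SIZE];
    size_t len = 0;
    buf[0] = '\0';
    for (int i = 0; i < NUM_VMODS; i++) {
        if (!(mask & (1u << i))) continue;
        size_t name_len = strlen(vmod_names[i]);
        size_t need = name_len + (len ? 1 : 0);
        if (need >= BUF_SIZE - len)         /* leave room for the NUL */
            return -1;
        if (len) buf[len++] = '+';
        memcpy(buf + len, vmod_names[i], name_len);
        len += name_len;
        buf[len] = '\0';
    }
    snprintf(out, out_size, "%s", buf);
    return 0;
}

/* Self-check helper: runs the checked version into a local buffer and
 * returns 1 if it succeeded and produced `expected`, 0 on a mismatch,
 * -1 if the mask was refused. */
int checked_text_equals(uint32_t mask, const char *expected)
{
    char out[BUF_SIZE];
    if (vmod_mask_text_checked(mask, out, sizeof out) != 0) return -1;
    return strcmp(out, expected) == 0;
}

int main(void)
{
    char out[BUF_SIZE];
    uint32_t benign = 0x3u;                 /* NumLock + Alt: fits */
    uint32_t hostile = 1u << 7;             /* the 48-byte name: does not fit */

    vmod_mask_text_unchecked(benign, out, sizeof out);
    printf("unchecked, benign mask : \"%s\"\n", out);
    printf("bytes needed for 0x%02x : %zu (buffer is %d)\n",
           hostile, vmod_mask_text_len(hostile), BUF_SIZE);
    printf("checked, hostile mask  : %s\n",
           vmod_mask_text_checked(hostile, out, sizeof out) == 0 ? out : "refused");
    return 0;
}
```

Note that even the constructed short names overflow the 32-byte buffer once enough bits are set at the same time (the first seven together need 51 bytes), so the fix has to bound the total, not just individual names.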

Classification

CVE ID: CVE-2025-26595

Problem Types

Stack-based Buffer Overflow

Affected Products

Vendor: Red Hat

Product: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (estimated probability of exploitation in the wild within the next 30 days)

EPSS Percentile: 3.54% (share of all scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-26 (date the score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-26595
https://access.redhat.com/security/cve/CVE-2025-26595
https://bugzilla.redhat.com/show_bug.cgi?id=2345257

Timeline