
CVE-2025-26596: Xorg: xwayland: heap overflow in XkbWriteKeySyms()

Description

A heap overflow flaw was found in X.Org and Xwayland. XkbSizeKeySyms() computes the buffer length that XkbWriteKeySyms() is expected to fill, but the two functions do not agree: the sizer can return fewer bytes than the writer actually emits, so the writer runs past the end of the allocated buffer, which is a heap-based buffer overflow.
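The class of bug described above, a sizing routine and a writing routine that disagree about how many bytes a record occupies, is easy to model in isolation. The following is an added example written for this page, not X.Org or Xwayland code: the struct, field names and the exact sizing rule are hypothetical. It shows a sizer that counts stored keysyms while the writer pads every group to its full width, the resulting shortfall, and the two fixes a reviewer would ask for: derive the sizer from the writer's own per-key formula, and give the writer an explicit bound so it refuses rather than overruns even if the sizer is wrong.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical per-key entry for a keysym map; the field names are this
 * example's assumptions, not X.Org's internal types. */
typedef struct {
    uint8_t         groups;  /* keysym groups defined for this key */
    uint8_t         width;   /* keysyms per group */
    uint16_t        n_syms;  /* keysyms actually stored for this key */
    const uint32_t *syms;    /* the stored keysyms, n_syms long */
} KeyEntry;

typedef struct {
    size_t          n_keys;
    const KeyEntry *keys;
} SymMap;

/* The writer emits every group at full width, padding missing entries
 * with 0 (NoSymbol), so its per-key cost is groups * width keysyms. */
static size_t key_syms_emitted(const KeyEntry *k) {
    return (size_t)k->groups * k->width;
}

/* Buggy sizer (modeled): sizes by the stored count, not by what the writer
 * emits. For a sparse key (groups * width > n_syms) it under-counts. */
size_t size_key_syms_buggy(const SymMap *m) {
    size_t total = 0;
    for (size_t i = 0; i < m->n_keys; i++)
        total += (size_t)m->keys[i].n_syms * sizeof(uint32_t);
    return total;
}

/* Fixed sizer: reuses the writer's own per-key formula, so the two
 * cannot drift apart when either is changed later. */
size_t size_key_syms_fixed(const SymMap *m) {
    size_t total = 0;
    for (size_t i = 0; i < m->n_keys; i++)
        total += key_syms_emitted(&m->keys[i]) * sizeof(uint32_t);
    return total;
}

/* Hardened writer: bounded by out_len and never trusts the sizer.
 * Returns 0 and sets *written on success; returns -1 before touching any
 * byte beyond out_len if the output would overrun the buffer. */
int write_key_syms(const SymMap *m, uint8_t *out, size_t out_len,
                   size_t *written) {
    size_t off = 0;
    for (size_t i = 0; i < m->n_keys; i++) {
        const KeyEntry *k = &m->keys[i];
        size_t n = key_syms_emitted(k);
        for (size_t j = 0; j < n; j++) {
            uint32_t sym = (j < k->n_syms) ? k->syms[j] : 0; /* pad with NoSymbol */
            if (off + sizeof sym > out_len)
                return -1; /* would overflow: refuse instead of writing */
            memcpy(out + off, &sym, sizeof sym);
            off += sizeof sym;
        }
    }
    *written = off;
    return 0;
}

/* Constructed sample input: key 0 is fully populated; key 1 is sparse
 * (two groups of width 2, but only one stored keysym), which is the
 * shape that makes the buggy sizer under-count. */
static const uint32_t KEY0_SYMS[] = { 0x61, 0x41 };   /* a, A */
static const uint32_t KEY1_SYMS[] = { 0x62 };         /* b */
const KeyEntry SAMPLE_KEYS[] = {
    { 1, 2, 2, KEY0_SYMS },
    { 2, 2, 1, KEY1_SYMS },
};
const SymMap SAMPLE_MAP = { 2, SAMPLE_KEYS };

int main(void) {
    /* A 64-byte scratch buffer keeps the demo itself memory-safe; the
     * out_len argument plays the role of the undersized allocation. */
    uint8_t buf[64];
    size_t written = 0;
    size_t buggy = size_key_syms_buggy(&SAMPLE_MAP);   /* 12 bytes */
    size_t fixed = size_key_syms_fixed(&SAMPLE_MAP);   /* 24 bytes */
    printf("buggy sizer: %zu bytes, fixed sizer: %zu bytes\n", buggy, fixed);
    printf("write into buggy size: %s\n",
           write_key_syms(&SAMPLE_MAP, buf, buggy, &written) == 0
               ? "ok" : "refused (would overflow)");
    printf("write into fixed size: %s, %zu bytes written\n",
           write_key_syms(&SAMPLE_MAP, buf, fixed, &written) == 0
               ? "ok" : "refused", written);
    return 0;
}
```

The point to take from the example is structural rather than the particular numbers: once the sizer and the writer are two independent hand-written loops, any later change to one (a new padding rule, a new record type) silently desynchronises the other, and the only thing standing between that and a heap overflow is a bounds check the writer performs itself.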

Classification

CVE ID: CVE-2025-26596

Problem Types

Heap-based Buffer Overflow

Affected Products

Vendor: Red Hat

Products: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (estimated probability that this CVE is exploited in the wild within the next 30 days)

EPSS Percentile: 3.54% (proportion of all scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-26 (date on which this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-26596
https://access.redhat.com/security/cve/CVE-2025-26596
https://bugzilla.redhat.com/show_bug.cgi?id=2345256

Timeline