CVE-2025-26595

A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:2500	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2502	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2861	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2862	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2865	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2866	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2873	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2874	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2875	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2879	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:2880	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:7163
https://access.redhat.com/errata/RHSA-2025:7165
https://access.redhat.com/errata/RHSA-2025:7458
https://access.redhat.com/security/cve/CVE-2025-26595	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2345257	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:x.org:x_server::::::::
	cpe:2.3:a:x.org:xwayland::::::::

Configuration 3 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

History

13 May 2025, 20:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:7458 -

13 May 2025, 15:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:7163 - () https://access.redhat.com/errata/RHSA-2025:7165 -

08 May 2025, 18:01

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/errata/RHSA-2025:2500 -~~	() https://access.redhat.com/errata/RHSA-2025:2500 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:2875 -~~	() https://access.redhat.com/errata/RHSA-2025:2875 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:2862 -~~	() https://access.redhat.com/errata/RHSA-2025:2862 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:2874 -~~	() https://access.redhat.com/errata/RHSA-2025:2874 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:2879 -~~	() https://access.redhat.com/errata/RHSA-2025:2879 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:2873 -~~	() https://access.redhat.com/errata/RHSA-2025:2873 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:2865 -~~	() https://access.redhat.com/errata/RHSA-2025:2865 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:2866 -~~	() https://access.redhat.com/errata/RHSA-2025:2866 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:2861 -~~	() https://access.redhat.com/errata/RHSA-2025:2861 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:2880 -~~	() https://access.redhat.com/errata/RHSA-2025:2880 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:2502 -~~	() https://access.redhat.com/errata/RHSA-2025:2502 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE	cpe:2.3:a:x.org:x_server:-:::::::* cpe:2.3:a:x.org:xwayland:-:::::::*	cpe:2.3:a:x.org:x_server:::::::: cpe:2.3:a:x.org:xwayland::::::::
CWE		CWE-787

17 Mar 2025, 05:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:2879 - () https://access.redhat.com/errata/RHSA-2025:2873 - () https://access.redhat.com/errata/RHSA-2025:2866 - () https://access.redhat.com/errata/RHSA-2025:2861 - () https://access.redhat.com/errata/RHSA-2025:2880 -

17 Mar 2025, 03:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:2862 - () https://access.redhat.com/errata/RHSA-2025:2874 - () https://access.redhat.com/errata/RHSA-2025:2875 - () https://access.redhat.com/errata/RHSA-2025:2865 -

10 Mar 2025, 13:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:2500 - () https://access.redhat.com/errata/RHSA-2025:2502 -

04 Mar 2025, 17:22

Type	Values Removed	Values Added
First Time		X.org Redhat enterprise Linux Tigervnc tigervnc X.org xwayland Redhat X.org x Server Tigervnc
CPE		cpe:2.3:a:x.org:x_server:-:::::::* cpe:2.3:a:x.org:xwayland:-:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:a:tigervnc:tigervnc:-:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : unknown
CWE	~~CWE-121~~
References	~~() https://access.redhat.com/security/cve/CVE-2025-26595 -~~	() https://access.redhat.com/security/cve/CVE-2025-26595 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2345257 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2345257 - Issue Tracking

25 Feb 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-25 16:15

Updated : 2025-05-13 20:15

NVD link : CVE-2025-26595

Mitre link : CVE-2025-26595

JSON object : View

Products Affected

x.org

x_server
xwayland

tigervnc

tigervnc

redhat

enterprise_linux

CWE

CWE-787

Out-of-bounds Write

7.8 /10