What is CVE-2025-49180?

CVE-2025-49180 is a high-severity vulnerability in X.org Xwayland, classified under Integer Overflow or Wraparound. CVSS score: 7.8/10. Published 2025-06-17.

How severe is CVE-2025-49180?

High severity. CVSS v3 base score is 7.8 out of 10.

Integer overflow in X.org Xwayland

CVE-2025-49180

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

Vulnerability class: Integer Overflow

EPSS: 0.001 (34.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

X.org Xwayland — versions 0
Red Hat Enterprise Linux 10 — versions 0:24.1.5-4.el10_0
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 6 Extended Lifecycle Support - Extension — versions 0:1.1.0-25.el6_10.1
Red Hat Enterprise Linux 7.7 Advanced Update Support — versions 0:1.8.0-17.el7_7.1
Red Hat Enterprise Linux 7 Extended Lifecycle Support — versions 0:1.20.4-32.el7_9, 0:1.8.0-36.el7_9.2
Red Hat Enterprise Linux 8 — versions 0:1.20.11-26.el8_10, 0:21.1.3-18.el8_10, 0:1.15.0-7.el8_10
Red Hat Enterprise Linux 8.2 Advanced Update Support — versions 0:1.9.0-15.el8_2.14, 0:1.20.6-4.el8_2
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support — versions 0:1.20.10-2.el8_4, 0:1.11.0-8.el8_4.13
Red Hat Enterprise Linux 8.4 Extended Update Support Long-life Add-on — versions 0:1.20.10-2.el8_4, 0:1.11.0-8.el8_4.13

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

References

RHSA-2025:10258 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:10342 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:10343 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:10344 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:10346 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:10347 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:10348 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:10349 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:10350 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:10351 (vendor-advisory, x_refsource_REDHAT)

Frequently asked questions

What is CVE-2025-49180?: CVE-2025-49180 is a high-severity vulnerability in X.org Xwayland, classified under Integer Overflow or Wraparound. CVSS score: 7.8/10. Published 2025-06-17.
How severe is CVE-2025-49180?: High severity. CVSS v3 base score is 7.8 out of 10.