What is CVE-2025-62230?

CVE-2025-62230 is a high-severity vulnerability in X.org Xwayland, classified under Use After Free. CVSS score: 7.3/10. Published 2025-10-30.

How severe is CVE-2025-62230?

High severity. CVSS v3 base score is 7.3 out of 10.

Use After Free in X.org Xwayland

CVE-2025-62230

A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition…

Vulnerability class: Use-After-Free

EPSS: 0.000 (2.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H.

Affected products

X.org Xwayland — versions 0
Red Hat Enterprise Linux 10 — versions 0:24.1.5-5.el10_0, 0:24.1.5-5.el10_1
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 6 Extended Lifecycle Support - Extension — versions 0:1.1.0-25.el6_10.15
Red Hat Enterprise Linux 7 Extended Lifecycle Support — versions 0:1.20.4-33.el7_9, 0:1.8.0-36.el7_9.3
Red Hat Enterprise Linux 8 — versions 0:21.1.3-19.el8_10, 0:1.20.11-27.el8_10, 0:1.15.0-8.el8_10
Red Hat Enterprise Linux 8.2 Advanced Update Support — versions 0:1.9.0-15.el8_2.15, 0:1.20.6-5.el8_2
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support — versions 0:1.11.0-8.el8_4.14, 0:1.20.10-3.el8_4
Red Hat Enterprise Linux 8.4 Extended Update Support Long-life Add-on — versions 0:1.11.0-8.el8_4.14, 0:1.20.10-3.el8_4
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support — versions 0:1.12.0-6.el8_6.15, 0:1.20.11-6.el8_6, 0:21.1.3-2.el8_6.5

Weakness classification (CWE)

CWE-416 — Use After Free

References

RHSA-2025:19432 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:19433 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:19434 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:19435 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:19489 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:19623 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:19909 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:20958 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:20960 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:20961 (vendor-advisory, x_refsource_REDHAT)

Frequently asked questions

What is CVE-2025-62230?: CVE-2025-62230 is a high-severity vulnerability in X.org Xwayland, classified under Use After Free. CVSS score: 7.3/10. Published 2025-10-30.
How severe is CVE-2025-62230?: High severity. CVSS v3 base score is 7.3 out of 10.