What is CVE-2025-62231?

CVE-2025-62231 is a high-severity vulnerability in X.org Xwayland, classified under Integer Overflow or Wraparound. CVSS score: 7.3/10. Published 2025-10-30.

How severe is CVE-2025-62231?

High severity. CVSS v3 base score is 7.3 out of 10.

Integer overflow in X.org Xwayland

CVE-2025-62231

A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value ca…

Vulnerability class: Integer Overflow

EPSS: 0.000 (2.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H.

Affected products

X.org Xwayland — versions 0
Red Hat Enterprise Linux 10 — versions 0:24.1.5-5.el10_0, 0:24.1.5-5.el10_1
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 6 Extended Lifecycle Support - Extension — versions 0:1.1.0-25.el6_10.15
Red Hat Enterprise Linux 7 Extended Lifecycle Support — versions 0:1.20.4-33.el7_9, 0:1.8.0-36.el7_9.3
Red Hat Enterprise Linux 8 — versions 0:21.1.3-19.el8_10, 0:1.20.11-27.el8_10, 0:1.15.0-8.el8_10
Red Hat Enterprise Linux 8.2 Advanced Update Support — versions 0:1.9.0-15.el8_2.15, 0:1.20.6-5.el8_2
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support — versions 0:1.11.0-8.el8_4.14, 0:1.20.10-3.el8_4
Red Hat Enterprise Linux 8.4 Extended Update Support Long-life Add-on — versions 0:1.11.0-8.el8_4.14, 0:1.20.10-3.el8_4
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support — versions 0:1.12.0-6.el8_6.15, 0:1.20.11-6.el8_6, 0:21.1.3-2.el8_6.5

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

References

RHSA-2025:19432 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:19433 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:19434 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:19435 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:19489 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:19623 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:19909 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:20958 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:20960 (vendor-advisory, x_refsource_REDHAT)
RHSA-2025:20961 (vendor-advisory, x_refsource_REDHAT)

Frequently asked questions

What is CVE-2025-62231?: CVE-2025-62231 is a high-severity vulnerability in X.org Xwayland, classified under Integer Overflow or Wraparound. CVSS score: 7.3/10. Published 2025-10-30.
How severe is CVE-2025-62231?: High severity. CVSS v3 base score is 7.3 out of 10.