CVE-2025-26595
Published: 25 February 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2025-26595 is a buffer overflow vulnerability affecting X.Org and Xwayland. The flaw resides in the XkbVModMaskText() function, which allocates a fixed-size buffer on the stack and copies the names of virtual modifiers into it without checking their length against the size of the buffer. This issue, published on 2025-02-25, is classified under CWE-121 (stack-based buffer overflow) and CWE-787 (out-of-bounds write), with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Local attackers with low privileges can exploit this vulnerability. Exploitation requires only local access, has low attack complexity, and needs no user interaction. The consequences are high-impact: unauthorized access to sensitive data, modification of system integrity, and denial of service, through potential arbitrary code execution in the context of the affected process.
Red Hat has released multiple security errata to address CVE-2025-26595, including RHSA-2025:2500, RHSA-2025:2502, RHSA-2025:2861, RHSA-2025:2862, and RHSA-2025:2865. Security practitioners should review and apply these updates promptly to affected systems running vulnerable versions of X.Org or Xwayland.
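The unchecked-copy pattern described in the summary, shown next to a bounded form that reports truncation instead of writing past the buffer. This is an added illustration, not the X.Org source: the function names, buffer size and modifier names are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define NUM_VMODS 16  /* assumed number of virtual modifiers */
#define BUF_SIZE  32  /* constructed size for the fixed buffer */

/* Pattern the advisory describes (hypothetical code): every name is appended
 * to a fixed-size buffer with no length check. Kept only for contrast. */
void mask_text_unchecked(unsigned mask, const char *const *names, char *buf)
{
    buf[0] = '\0';
    for (int i = 0; i < NUM_VMODS; i++) {
        if (!(mask & (1u << i)) || !names[i])
            continue;
        if (buf[0])
            strcat(buf, "+");
        strcat(buf, names[i]);  /* nothing ties the write to the buffer size */
    }
}

/* Bounded form: track the space used, never write past `size`, and tell the
 * caller when output was cut. Returns 0 on success, -1 on truncation. */
int mask_text_bounded(unsigned mask, const char *const *names,
                      char *buf, size_t size)
{
    size_t used = 0;
    if (size == 0)
        return -1;
    buf[0] = '\0';
    for (int i = 0; i < NUM_VMODS; i++) {
        if (!(mask & (1u << i)) || !names[i])
            continue;
        int n = snprintf(buf + used, size - used, "%s%s",
                         used ? "+" : "", names[i]);
        if (n < 0 || (size_t)n >= size - used) {
            buf[used] = '\0';   /* drop the partially written name */
            return -1;
        }
        used += (size_t)n;
    }
    return 0;
}

int main(void)
{
    const char *names[NUM_VMODS] = { "NumLock", "LevelThree", "AltGr" }; /* constructed */
    char buf[BUF_SIZE];
    int rc = mask_text_bounded(0x7, names, buf, sizeof buf);
    printf("rc=%d text=%s\n", rc, buf);
    return 0;
}
```

In the bounded form the caller passes the real buffer size, so output that does not fit surfaces as a return code the caller can handle.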
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The buffer overflow (CVE-2025-26595) and related memory corruption vulnerabilities (e.g., use-after-free, out-of-bounds write, heap overflow) in Xwayland, patched via TigerVNC updates, enable exploitation of the remote VNC service for potential remote code execution.