CVE-2025-26596

Severity: High
Published: 25 February 2025
Modified: 06 April 2026
KEV Added: (not listed)
Patch: (not listed)
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0003 (percentile 8.1)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Description

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Security Summary

CVE-2025-26596 is a heap-based buffer overflow vulnerability (CWE-787, out-of-bounds write) affecting X.Org and Xwayland. The flaw stems from a discrepancy in length computation between the XkbSizeKeySyms() and XkbWriteKeySyms() functions: the buffer is sized by one function but filled by another that computes the length differently, so the write can exceed the allocation and overflow the heap. Published on 2025-02-25, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
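As an added illustration (not the X.Org, Xwayland or TigerVNC source, and not the actual CVE-2025-26596 code path), the hypothetical C model below shows the defect class described above: a sizing pass and a writing pass that derive the byte count from different fields, beside the hardened pattern in which both passes share one count helper and the writer also checks the destination capacity. The structure, field names and sample map are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
typedef uint32_t KeySym;
/* Hypothetical per-key map entry (assumed layout, not the X.Org structure). */
typedef struct {
    uint8_t  width;    /* keysyms per group */
    uint8_t  ngroups;  /* groups present for this key */
    uint16_t nsyms;    /* separately stored total; may disagree with width*ngroups */
} KeyMapEntry;

/* Vulnerable sizing pass: trusts the stored nsyms field. */
size_t size_keysyms_old(const KeyMapEntry *keys, size_t nkeys) {
    size_t total = 0;
    for (size_t i = 0; i < nkeys; i++)
        total += (size_t)keys[i].nsyms * sizeof(KeySym);
    return total;
}
/* Vulnerable writing pass counts width*ngroups instead; whenever that differs from
   nsyms, the buffer sized above is too small (CWE-787). Count only, nothing written. */
size_t bytes_write_would_emit(const KeyMapEntry *keys, size_t nkeys) {
    size_t total = 0;
    for (size_t i = 0; i < nkeys; i++)
        total += (size_t)keys[i].width * keys[i].ngroups * sizeof(KeySym);
    return total;
}

/* Hardened pattern: one helper defines the per-key count, both passes use it,
   and the writer is also given the buffer capacity and checks it before every copy. */
static size_t key_nsyms(const KeyMapEntry *k) { return (size_t)k->width * k->ngroups; }
size_t size_keysyms_fixed(const KeyMapEntry *keys, size_t nkeys) {
    size_t total = 0;
    for (size_t i = 0; i < nkeys; i++)
        total += key_nsyms(&keys[i]) * sizeof(KeySym);
    return total;
}
/* Returns bytes written, or 0 if the data would not fit in cap bytes. */
size_t write_keysyms_fixed(const KeyMapEntry *keys, size_t nkeys, const KeySym *syms,
                           unsigned char *out, size_t cap) {
    size_t off = 0, si = 0;
    for (size_t i = 0; i < nkeys; i++) {
        size_t n = key_nsyms(&keys[i]) * sizeof(KeySym);
        if (n > cap - off) return 0;   /* refuse rather than write past the end */
        memcpy(out + off, syms + si, n);
        off += n; si += key_nsyms(&keys[i]);
    }
    return off;
}
/* Constructed sample: key 0 claims nsyms=1 but carries 2 groups of width 2. */
const KeyMapEntry sample_map[2] = { {2, 2, 1}, {1, 1, 1} };
```

With the sample map the old sizing pass allocates 8 bytes while the old writer would emit 20; the hardened writer refuses an 8-byte buffer and fills a 20-byte one exactly.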

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system crashes within the affected X server processes.

Red Hat has issued multiple errata to address the issue, including RHSA-2025:2500, RHSA-2025:2502, RHSA-2025:2861, RHSA-2025:2862, and RHSA-2025:2865, which provide updated packages with fixes for vulnerable X.Org and Xwayland versions in various Red Hat Enterprise Linux releases. Security practitioners should apply these patches promptly to mitigate exposure.

Details

CWE(s)
CWE-787 (Out-of-bounds Write)

Affected Products

Vendor     Product            Versions
tigervnc   tigervnc           all versions
x.org      x server           ≤ 21.1.16
x.org      xwayland           ≤ 24.1.6
redhat     enterprise linux   7.0, 8.0, 9.0

MITRE ATT&CK Enterprise Techniques

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Heap overflow in Xwayland/X.Org keyboard handling (XkbWriteKeySyms), patched in TigerVNC, enables remote code execution via crafted input over the VNC remote display protocol.
