CVE-2025-26597
Published: 25 February 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2025-26597 is a buffer overflow vulnerability in X.Org and Xwayland. The flaw occurs in the XkbChangeTypesOfKey() function: when called with a group value of 0, it resizes the key symbols table to zero while leaving the key actions unchanged. A subsequent call with a non-zero group value then triggers a buffer overflow due to the mismatched size of the key actions table. This issue, classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), received a CVSS v3.1 base score of 7.8.
The vulnerability can be exploited by a local attacker with low privileges (PR:L). It requires local access (AV:L), has low attack complexity (AC:L), and needs no user interaction (UI:N). The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), and the scope is unchanged (S:U). Successful exploitation could enable arbitrary code execution or system compromise from a low-privileged context.
Red Hat has addressed the vulnerability through multiple errata releases, including RHSA-2025:2500, RHSA-2025:2502, RHSA-2025:2861, RHSA-2025:2862, and RHSA-2025:2865, which provide updated packages for affected X.Org and Xwayland components in various Red Hat Enterprise Linux versions. Security practitioners should apply these patches promptly to mitigate the risk.
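An added example, not X.Org or Red Hat code: a C model of the state mismatch described above, where a group value of 0 empties the symbols table but leaves the actions table at its old size, next to a variant that empties both tables and an invariant check that rejects the follow-up call. KeyModel, WIDTH, set_groups() and tables_consistent() are hypothetical names, and emptying both tables is this example's assumption about how to keep them consistent.

```c
/* Added model, not X server code: KeyModel, WIDTH and all names are hypothetical. */
#include <stdlib.h>
#include <string.h>

#define WIDTH 2  /* assumed entries per group */

typedef struct {
    unsigned *syms; size_t n_syms;  /* key symbols table */
    unsigned *acts; size_t n_acts;  /* key actions table */
} KeyModel;

/* Resize one table to `want` entries (0 frees it); new entries are zeroed. */
static int resize_table(unsigned **tbl, size_t *n, size_t want) {
    unsigned *p = NULL;
    if (want == 0)
        free(*tbl);
    else if ((p = realloc(*tbl, want * sizeof *p)) == NULL)
        return -1;
    else if (want > *n)
        memset(p + *n, 0, (want - *n) * sizeof *p);
    *tbl = p; *n = want;
    return 0;
}

/* Invariant: a key that has actions has exactly one action per symbol. */
int tables_consistent(const KeyModel *k) {
    return k->acts == NULL || k->n_acts == k->n_syms;
}

/* shrink_both = 0: flawed group-0 path; 1: hardened path emptying both tables. */
int set_groups(KeyModel *k, size_t groups, int shrink_both) {
    if (groups == 0) {                       /* resizing to 0 cannot fail */
        resize_table(&k->syms, &k->n_syms, 0);
        return shrink_both ? resize_table(&k->acts, &k->n_acts, 0) : 0;
    }
    if (!tables_consistent(k))               /* stale action table: refuse to use it */
        return -2;
    if (resize_table(&k->syms, &k->n_syms, groups * WIDTH) != 0)
        return -1;
    return resize_table(&k->acts, &k->n_acts, groups * WIDTH);
}

int main(void) {
    KeyModel k = {0};
    set_groups(&k, 2, 0);                    /* 4 symbols, 4 actions */
    set_groups(&k, 0, 0);                    /* flawed path: 0 symbols, 4 actions */
    int r = set_groups(&k, 3, 0);            /* mismatch detected before any copy */
    free(k.acts);
    return r == -2 ? 0 : 1;
}
```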
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow and related memory corruption vulnerabilities (e.g., use-after-free, heap overflow) in Xwayland, as used in the TigerVNC remote display system, enable remote code execution via exploitation of the remote service.