CVE-2025-26599
Published: 25 February 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside a network.
Security Summary
CVE-2025-26599 is an access-of-uninitialized-pointer flaw (CWE-824) affecting X.Org and Xwayland. The vulnerability arises when the function compCheckRedirect() fails to allocate the backing pixmap, causing compRedirectWindow() to return a BadAlloc error without fully validating the previously marked window tree. This leaves the validated data partly uninitialized, resulting in the subsequent use of an uninitialized pointer. The issue was published on 2025-02-25 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability with low complexity and without user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, potentially leading to full system compromise on affected X.Org or Xwayland installations.
Red Hat has released multiple errata addressing the flaw, including RHSA-2025:2500, RHSA-2025:2502, RHSA-2025:2861, RHSA-2025:2862, and RHSA-2025:2865, which provide updated packages with fixes for vulnerable systems.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-26599 is a memory corruption vulnerability (uninitialized pointer) in the Xwayland/X.Org components integrated into the TigerVNC server, enabling remote code execution or denial of service via malformed X11 protocol requests over the VNC remote service.