CVE-2025-26595: Stack-based Buffer Overflow
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.
AI Analysis
Technical Summary
CVE-2025-26595 is a high-severity stack-based buffer overflow vulnerability found in the XkbVModMaskText() function of X.Org and Xwayland. The function copies virtual modifier names into a fixed-size stack buffer without validating the size, which can cause a buffer overflow. This flaw affects versions up to 22.0.0 and has a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating local attack vector with low complexity and requiring low privileges, no user interaction, and resulting in high impact on confidentiality, integrity, and availability. Red Hat has released security advisories RHSA-2025:2500 and RHSA-2025:2502, providing patched tigervnc packages for Red Hat Enterprise Linux 8 and 9 that fix this and other related vulnerabilities in X.Org/Xwayland components. The advisories include detailed package versions and instructions for applying the updates.
Potential Impact
Successful exploitation of this vulnerability could allow a local attacker with low privileges to cause a buffer overflow in X.Org/Xwayland, potentially leading to arbitrary code execution or denial of service. The CVSS score of 7.8 reflects high impact on confidentiality, integrity, and availability. However, no known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has released official patches for this vulnerability as part of updated tigervnc packages for Red Hat Enterprise Linux versions 8 and 9. Users should apply these updates promptly following the guidance in Red Hat advisories RHSA-2025:2500 and RHSA-2025:2502 and the instructions at https://access.redhat.com/articles/11258. Applying these official fixes fully mitigates the vulnerability. No additional mitigation steps are required beyond applying the vendor-provided patches.
CVE-2025-26595: Stack-based Buffer Overflow
Description
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-26595 is a high-severity stack-based buffer overflow vulnerability found in the XkbVModMaskText() function of X.Org and Xwayland. The function copies virtual modifier names into a fixed-size stack buffer without validating the size, which can cause a buffer overflow. This flaw affects versions up to 22.0.0 and has a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating local attack vector with low complexity and requiring low privileges, no user interaction, and resulting in high impact on confidentiality, integrity, and availability. Red Hat has released security advisories RHSA-2025:2500 and RHSA-2025:2502, providing patched tigervnc packages for Red Hat Enterprise Linux 8 and 9 that fix this and other related vulnerabilities in X.Org/Xwayland components. The advisories include detailed package versions and instructions for applying the updates.
Potential Impact
Successful exploitation of this vulnerability could allow a local attacker with low privileges to cause a buffer overflow in X.Org/Xwayland, potentially leading to arbitrary code execution or denial of service. The CVSS score of 7.8 reflects high impact on confidentiality, integrity, and availability. However, no known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has released official patches for this vulnerability as part of updated tigervnc packages for Red Hat Enterprise Linux versions 8 and 9. Users should apply these updates promptly following the guidance in Red Hat advisories RHSA-2025:2500 and RHSA-2025:2502 and the instructions at https://access.redhat.com/articles/11258. Applying these official fixes fully mitigates the vulnerability. No additional mitigation steps are required beyond applying the vendor-provided patches.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- redhat
- Date Reserved
- 2025-02-12T14:12:22.795Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682cd0fc1484d88663aecbf4
Added to database: 5/20/2025, 6:59:08 PM
Last enriched: 4/7/2026, 5:52:12 AM
Last updated: 5/9/2026, 3:58:13 AM
Views: 75
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.