CVE-2025-49175 is an out-of-bounds read vulnerability in the X.Org xwayland implementation of the X Rendering extension, specifically in the handling of animated cursors. When a client application provides zero cursors, the xwayland server incorrectly assumes at least one cursor is present, leading to an out-of-bounds memory read. This memory access error can cause the xwayland server process to crash, resulting in denial of service. The vulnerability requires local access with low privileges (AV:L, PR:L), does not require user interaction (UI:N), and affects confidentiality minimally (C:L) but impacts availability significantly (A:H). The scope is unchanged (S:U), meaning the vulnerability affects only the local component without privilege escalation or broader system compromise. The affected product is xwayland, a compatibility layer that allows X11 applications to run on Wayland compositors, widely used in modern Linux graphical environments. No patches or known exploits are currently reported, but the flaw could be leveraged by local attackers to disrupt graphical sessions or services relying on xwayland.

The primary impact of CVE-2025-49175 is denial of service through crashing the xwayland server process. This can disrupt graphical user sessions or applications relying on X11 compatibility on Wayland-based Linux systems. Organizations using Linux desktops or servers with xwayland may experience service interruptions, potentially affecting productivity or critical graphical applications. While confidentiality and integrity impacts are low, availability is significantly affected. In multi-user or shared environments, a local attacker could exploit this flaw to cause repeated crashes, leading to system instability or requiring restarts. This could also affect remote desktop or virtual desktop infrastructure setups that depend on xwayland for graphical rendering.

To mitigate CVE-2025-49175, organizations should monitor for and apply vendor patches or updates to xwayland as soon as they become available. Until patches are released, limiting local access to trusted users reduces the risk of exploitation. Employing strict user privilege separation and access controls on systems running xwayland can prevent unprivileged users from triggering the vulnerability. Additionally, system administrators can consider disabling or restricting the use of animated cursors in the X Rendering extension if feasible. Monitoring system logs for xwayland crashes can help detect attempted exploitation. For environments where graphical stability is critical, fallback to pure Wayland-native applications or alternative display servers without this vulnerability may be considered. Regularly updating Linux distributions and components ensures timely incorporation of security fixes.