CVE-2025-62231 is an integer overflow vulnerability in the X.Org X server's X Keyboard (Xkb) extension, specifically in the XkbSetCompatMap() function of Xwayland. Improper bounds checking allows an unsigned short value calculation to overflow when processing specially crafted input, potentially causing memory corruption or a crash. The vulnerability is rated with a CVSS 3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H), indicating it requires local access with low complexity and privileges, no user interaction, and can result in high confidentiality and availability impact. Red Hat has issued security advisories (RHSA-2025:19432 and RHSA-2025:19433) providing patches for affected Red Hat Enterprise Linux 8 and 9 versions. The advisories also address related vulnerabilities CVE-2025-62229 and CVE-2025-62230. The patches are available through official Red Hat repositories and should be applied to remediate the issue.

Successful exploitation of this vulnerability can lead to memory corruption or a crash of the Xwayland server process. The CVSS vector indicates a high impact on confidentiality and availability, with partial impact on integrity. The attacker requires local access with low privileges and no user interaction is needed. There are no known exploits in the wild at the time of publication. The vulnerability affects multiple architectures supported by Red Hat Enterprise Linux 8 and 9.

Red Hat has released official security updates that fix this vulnerability in xorg-x11-server-Xwayland packages for Red Hat Enterprise Linux 8 and 9. Users should apply these updates as soon as possible following Red Hat's guidance at https://access.redhat.com/articles/11258. The vendor advisory confirms the availability of patches and recommends updating affected systems. No additional mitigation steps are indicated beyond applying the official patches.