Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 0.5%top 62%

Red Hat Security Advisory: xorg-x11-server-Xwayland update

0
Medium
Published: 11/04/2025 (11/04/2025, 10:35:41 UTC)
Source: GCVE Database
Vendor/Project: Red Hat Product Security
Product: Red Hat

Description

Please update

Affected software

redhat/xorg-x11-server-Xwayland
pkg:rpm/redhat/xorg-x11-server-Xwayland
Affected versions
>=9.0 <9.6>=9.6 <9.8

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/25/2026, 22:25:32 UTC

Technical Analysis

This advisory addresses three vulnerabilities in the xorg-x11-server-Xwayland component of Red Hat Enterprise Linux 9. CVE-2025-62229 and CVE-2025-62230 are use-after-free vulnerabilities in XPresentNotify structure creation and Xkb client resource removal, respectively. CVE-2025-62231 is a value overflow in XkbSetCompatMap(). Red Hat has released updated packages (version 23.2.7-5.el9_6) to fix these issues across multiple architectures and product variants. The advisory does not provide a CVSS score but classifies the severity as moderate. No known exploits in the wild have been reported. The vendor recommends applying the update after ensuring all previous errata are applied.

Potential Impact

The vulnerabilities could lead to memory corruption issues such as use-after-free and integer overflow within the Xwayland server component, potentially causing application crashes or other unintended behavior. The advisory does not specify exploitation details or direct impact beyond these technical issues. No active exploitation is known at this time.

Mitigation Recommendations

Red Hat has provided fixed package updates for affected versions of Red Hat Enterprise Linux 9 and related variants. Users should apply these updates as per the vendor's instructions after ensuring all prior relevant errata are installed. The vendor advisory is the authoritative source for patch availability and remediation steps.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2025:19623
Cve Count
3
Additional Cves
["CVE-2025-62230","CVE-2025-62231"]
Cvss Version
null

Threat ID: 6a3da1df4853345fc182b038

Added to database: 06/25/2026, 21:47:11 UTC

Last enriched: 06/25/2026, 22:25:32 UTC

Last updated: 07/03/2026, 08:51:22 UTC

Views: 7

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses