CVE-2025-26597

HIGH EPSS 37.4%

Published Feb 25, 20251y ago · Modified Jun 25, 20265d ago

7.8 CVSS 3.1

High

Published Feb 25, 2025 1y ago

Last Modified Jun 25, 2026 5d ago

Description

A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.

CVSS Details

Base Score

7.8

Exploitability

1.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

37.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety

Affected Products 6

Vendor	Product	Version	Range
tigervnc	tigervnc	*	any
x.org	x_server	*	<21.1.16
x.org	xwayland	*	<24.1.6
redhat	enterprise_linux	7.0	any
redhat	enterprise_linux	8.0	any
redhat	enterprise_linux	9.0	any

References 19

openwall.com http://www.openwall.com/lists/oss-security/2026/06/02/1
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2500

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2502

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2861

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2862

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2865

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2866

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2873

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2874

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2875

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2879

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:2880

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:3976
access.redhat.com https://access.redhat.com/errata/RHSA-2025:7163
access.redhat.com https://access.redhat.com/errata/RHSA-2025:7165
access.redhat.com https://access.redhat.com/errata/RHSA-2025:7458
access.redhat.com https://access.redhat.com/security/cve/CVE-2025-26597

Third Party Advisory
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2345255

Issue Tracking
lists.debian.org https://lists.debian.org/debian-lts-announce/2025/02/msg00036.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.