CVE-2025-49179
HIGH EPSS 19.6%
Published Jun 17, 2025 1y ago · Modified Jun 17, 2026 2w ago
7.3 CVSS 3.1
Description
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Low
Availability High
Threat Intelligence
EPSS Exploit Probability
19.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-190 Integer Overflow or Wraparound Numeric Error
References 33
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10258
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10342
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10343
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10344
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10346
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10347
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10348
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10349
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10350
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10351
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10352
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10355
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10356
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10360
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10370
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10374
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10375
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10376
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10377
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10378
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10381
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10410
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:9303
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:9304
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:9305
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:9306
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:9392
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:9964
- access.redhat.com https://access.redhat.com/security/cve/CVE-2025-49179
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2369978
- gitlab.freedesktop.org https://gitlab.freedesktop.org/xorg/xserver/-/commit/2bde9ca49a8fd9a1e6697d5e7ef837870d66f5d4
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html
- x.org https://www.x.org/wiki/Development/Security/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.