CVE-2025-26597 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Vendor	Product	Version
tigervnc	tigervnc	-
x.org	x_server	-
x.org	xwayland	-
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

xorg-server

bullseye	vulnerable
bookworm	2:21.1.7-3+deb12u9 ignored
bullseye (security)	2:1.20.11-1+deb11u15 fixed
bookworm (security)	2:21.1.7-3+deb12u9 fixed
sid	2:21.1.16-1 fixed
trixie	2:21.1.16-1 fixed

xwayland

bookworm	ignored
sid	2:24.1.6-1 fixed
trixie	2:24.1.6-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

xorg

oracular	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected

xorg-hwe-16.04

oracular	dne
noble	dne
jammy	dne
focal	dne
xenial	not-affected

xorg-hwe-18.04

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected

xorg-server

oracular	Fixed 2:21.1.13-2ubuntu1.2 released
noble	Fixed 2:21.1.12-1ubuntu1.2 released
jammy	Fixed 2:21.1.4-2ubuntu1.7~22.04.13 released
focal	Fixed 2:1.20.13-1ubuntu1~20.04.19 released
bionic	Fixed 2:1.19.6-1ubuntu4.15+esm12 released
xenial	Fixed 2:1.18.4-0ubuntu0.12+esm17 released

xorg-server-hwe-16.04

oracular	dne
noble	dne
jammy	dne
focal	dne
xenial	Fixed 2:1.19.6-1ubuntu4.1~16.04.6+esm9 released

xorg-server-hwe-18.04

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	Fixed 2:1.20.8-2ubuntu2.2~18.04.11+esm4 released

xwayland

oracular	Fixed 2:24.1.2-1ubuntu0.4 released
noble	Fixed 2:23.2.6-1ubuntu0.4 released
jammy	Fixed 2:22.1.1-1ubuntu0.17 released
focal	dne

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Vulnerability Media Exposure

[GERMAN] X.Org X11: Mehrere Schwachstellen ermöglichen nicht näher spezifizierte Auswirkungen, möglicherweise Codeausführung
Ein lokaler Angreifer kann mehrere Schwachstellen in X.Org X11 ausnutzen, um nicht spezifizierte Effekte zu verursachen, was möglicherweise zur Ausführung von beliebigem Code führt.
Published: 2025-02-25T23:00:00+00:00

References

https://access.redhat.com/errata/RHSA-2025:2500

https://access.redhat.com/errata/RHSA-2025:2502

https://access.redhat.com/errata/RHSA-2025:2861

https://access.redhat.com/errata/RHSA-2025:2862

https://access.redhat.com/errata/RHSA-2025:2865

https://access.redhat.com/errata/RHSA-2025:2866

https://access.redhat.com/errata/RHSA-2025:2873

https://access.redhat.com/errata/RHSA-2025:2874

https://access.redhat.com/errata/RHSA-2025:2875

https://access.redhat.com/errata/RHSA-2025:2879

https://access.redhat.com/errata/RHSA-2025:2880

https://access.redhat.com/security/cve/CVE-2025-26597

https://bugzilla.redhat.com/show_bug.cgi?id=2345255