CVE-2025-49177 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
redhat	CNA	6.1 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
x.org	xwayland	𝑥 < 24.1.7	CNA

Debian Releases

Debian Product

Codename

xorg-server

bookworm	2:21.1.7-3+deb12u12 fixed
bookworm (security)	2:21.1.7-3+deb12u11 fixed
bullseye	2:1.20.11-1+deb11u13 fixed
bullseye (security)	2:1.20.11-1+deb11u17 fixed
forky	2:21.1.22-1 fixed
sid	2:21.1.22-1 fixed
trixie	2:21.1.16-1.3+deb13u2 fixed
trixie (security)	2:21.1.16-1.3+deb13u1 fixed

xwayland

bookworm	ignored
forky	2:24.1.11-1 fixed
sid	2:24.1.11-1 fixed
trixie	ignored

Ubuntu Releases

Ubuntu Product

Codename

xorg-server

bionic	needs-triage
focal	needs-triage
jammy	Fixed 2:21.1.4-2ubuntu1.7~22.04.15 released
noble	Fixed 2:21.1.12-1ubuntu1.4 released
oracular	Fixed 2:21.1.13-2ubuntu1.4 released
plucky	Fixed 2:21.1.16-1ubuntu1.1 released
questing	Fixed 2:21.1.18-1ubuntu1 released
resolute	Fixed 2:21.1.18-1ubuntu1 released
trusty	needs-triage
xenial	needs-triage

xwayland

jammy	Fixed 2:22.1.1-1ubuntu0.19 released
noble	Fixed 2:23.2.6-1ubuntu0.6 released
oracular	Fixed 2:24.1.2-1ubuntu0.6 released
plucky	Fixed 2:24.1.6-1ubuntu0.1 released
questing	Fixed 2:24.1.6-1ubuntu1 released
resolute	Fixed 2:24.1.6-1ubuntu1 released

xorg

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	not-affected
oracular	not-affected
plucky	not-affected
questing	not-affected
resolute	not-affected
xenial	not-affected

xorg-server-hwe-16.04

jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
resolute	dne
xenial	needs-triage

xorg-server-hwe-18.04

bionic	needs-triage
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
resolute	dne

xorg-hwe-16.04

jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
resolute	dne
xenial	not-affected

xorg-hwe-18.04

bionic	not-affected
jammy	dne
noble	dne
oracular	dne
plucky	dne
questing	dne
resolute	dne

openSUSE / SLES Releases

openSUSE Product

Release

xorg-x11-server

suse enterprise desktop 15 SP6	21.1.11-150600.5.12.1 fixed
suse enterprise desktop 15 SP7	21.1.15-150700.5.3.1 fixed
suse enterprise sap 15 SP6	21.1.11-150600.5.12.1 fixed
suse enterprise sap 15 SP7	21.1.15-150700.5.3.1 fixed
suse enterprise server 15 SP5	21.1.4-150500.7.35.1 fixed
suse enterprise server 15 SP6	21.1.11-150600.5.12.1 fixed
suse enterprise server 15 SP7	21.1.15-150700.5.3.1 fixed

xorg-x11-server-Xvfb

suse enterprise desktop 15 SP6	21.1.11-150600.5.12.1 fixed
suse enterprise desktop 15 SP7	21.1.15-150700.5.3.1 fixed
suse enterprise sap 15 SP6	21.1.11-150600.5.12.1 fixed
suse enterprise sap 15 SP7	21.1.15-150700.5.3.1 fixed
suse enterprise server 15 SP5	21.1.4-150500.7.35.1 fixed
suse enterprise server 15 SP6	21.1.11-150600.5.12.1 fixed
suse enterprise server 15 SP7	21.1.15-150700.5.3.1 fixed

xorg-x11-server-extra

suse enterprise desktop 15 SP6	21.1.11-150600.5.12.1 fixed
suse enterprise desktop 15 SP7	21.1.15-150700.5.3.1 fixed
suse enterprise sap 15 SP6	21.1.11-150600.5.12.1 fixed
suse enterprise sap 15 SP7	21.1.15-150700.5.3.1 fixed
suse enterprise server 15 SP5	21.1.4-150500.7.35.1 fixed
suse enterprise server 15 SP6	21.1.11-150600.5.12.1 fixed
suse enterprise server 15 SP7	21.1.15-150700.5.3.1 fixed

xorg-x11-server-sdk

suse enterprise server 15 SP5

21.1.4-150500.7.35.1

fixed

xwayland

suse enterprise desktop 15 SP6	24.1.1-150600.5.12.1 fixed
suse enterprise desktop 15 SP7	24.1.5-150700.3.3.1 fixed
suse enterprise sap 15 SP6	24.1.1-150600.5.12.1 fixed
suse enterprise sap 15 SP7	24.1.5-150700.3.3.1 fixed
suse enterprise server 15 SP6	24.1.1-150600.5.12.1 fixed
suse enterprise server 15 SP7	24.1.5-150700.3.3.1 fixed
suse enterprise workstation 15 SP6	24.1.1-150600.5.12.1 fixed
suse enterprise workstation 15 SP7	24.1.5-150700.3.3.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

xorg-x11-server-Xdmx

RHEL 9

0:1.20.11-31.el9_6

fixed

xorg-x11-server-Xephyr

RHEL 9

0:1.20.11-31.el9_6

fixed

xorg-x11-server-Xnest

RHEL 9

0:1.20.11-31.el9_6

fixed

xorg-x11-server-Xorg

RHEL 9

0:1.20.11-31.el9_6

fixed

xorg-x11-server-Xvfb

RHEL 9

0:1.20.11-31.el9_6

fixed

xorg-x11-server-Xwayland

RHEL 9

0:23.2.7-4.el9_6

fixed

xorg-x11-server-Xwayland-devel

RHEL 9

0:23.2.7-4.el9_6

fixed

xorg-x11-server-common

RHEL 9

0:1.20.11-31.el9_6

fixed

xorg-x11-server-devel

RHEL 9

0:1.20.11-31.el9_6

fixed

xorg-x11-server-source

RHEL 9

0:1.20.11-31.el9_6

fixed

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

https://access.redhat.com/errata/RHSA-2025:10258

https://access.redhat.com/errata/RHSA-2025:9303

https://access.redhat.com/errata/RHSA-2025:9304

https://access.redhat.com/security/cve/CVE-2025-49177

https://bugzilla.redhat.com/show_bug.cgi?id=2369955

https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab02fb96b1c701c3bb47617d965522c34befa6af

https://www.x.org/wiki/Development/Security/