CVE-2025-49178 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
redhat	CNA	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

xorg-server

bullseye	vulnerable
bookworm	ignored
bullseye (security)	vulnerable
bookworm (security)	vulnerable
trixie	vulnerable
sid	2:21.1.16-1.2 fixed

xwayland

bookworm	ignored
sid	vulnerable
trixie	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

xorg

plucky	not-affected
oracular	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected

xorg-hwe-16.04

plucky	dne
oracular	dne
noble	dne
jammy	dne
xenial	not-affected

xorg-hwe-18.04

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	not-affected

xorg-server

plucky	Fixed 2:21.1.16-1ubuntu1.1 released
oracular	Fixed 2:21.1.13-2ubuntu1.4 released
noble	Fixed 2:21.1.12-1ubuntu1.4 released
jammy	Fixed 2:21.1.4-2ubuntu1.7~22.04.15 released
focal	Fixed 2:1.20.13-1ubuntu1~20.04.20+esm1 released
bionic	Fixed 2:1.19.6-1ubuntu4.15+esm13 released
xenial	Fixed 2:1.18.4-0ubuntu0.12+esm18 released
trusty	needs-triage

xorg-server-hwe-16.04

plucky	dne
oracular	dne
noble	dne
jammy	dne
xenial	Fixed 2:1.19.6-1ubuntu4.1~16.04.6+esm10 released

xorg-server-hwe-18.04

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	Fixed 2:1.20.8-2ubuntu2.2~18.04.11+esm5 released

xwayland

plucky	Fixed 2:24.1.6-1ubuntu0.1 released
oracular	Fixed 2:24.1.2-1ubuntu0.6 released
noble	Fixed 2:23.2.6-1ubuntu0.6 released
jammy	Fixed 2:22.1.1-1ubuntu0.19 released

Common Weakness Enumeration

CWE-667 - Improper Locking
The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Vulnerability Media Exposure

[GERMAN] X.Org X11 und Xwayland: Mehrere Schwachstellen
Ein lokaler Angreifer kann mehrere Schwachstellen in X.Org X11 und Xwayland ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen und möglicherweise Code auszuführen oder nicht näher spezifizierte Auswirkungen zu erzielen.
Published: 2025-06-17T22:00:00+00:00

References

https://access.redhat.com/security/cve/CVE-2025-49178

https://bugzilla.redhat.com/show_bug.cgi?id=2369977