CVE-2025-26598
Description
RHSA-2025:2502: tigervnc security update (Important)
Mitigations
Mitigation details
Description
xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient()
Red Hat statement
Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity and are not affected by this bug.
CVSS v3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | xorg-x11-server-Xwayland-0:24.1.5-3.el10_0 | RHSA-2025:7458 | 2025-05-13T00:00:00Z |
| Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | tigervnc-0:1.1.0-25.el6_10 | RHSA-2025:3976 | 2025-04-17T00:00:00Z |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | tigervnc-0:1.8.0-36.el7_9 | RHSA-2025:2861 | 2025-03-17T00:00:00Z |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | xorg-x11-server-0:1.20.4-30.el7_9 | RHSA-2025:2879 | 2025-03-17T00:00:00Z |
| Red Hat Enterprise Linux 8 | tigervnc-0:1.13.1-15.el8_10 | RHSA-2025:2502 | 2025-03-10T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | tigervnc-0:1.9.0-15.el8_2.13 | RHSA-2025:2866 | 2025-03-17T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | tigervnc-0:1.11.0-8.el8_4.12 | RHSA-2025:2865 | 2025-03-17T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | tigervnc-0:1.11.0-8.el8_4.12 | RHSA-2025:2865 | 2025-03-17T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | tigervnc-0:1.11.0-8.el8_4.12 | RHSA-2025:2865 | 2025-03-17T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | tigervnc-0:1.12.0-6.el8_6.13 | RHSA-2025:2880 | 2025-03-17T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | tigervnc-0:1.12.0-6.el8_6.13 | RHSA-2025:2880 | 2025-03-17T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | tigervnc-0:1.12.0-6.el8_6.13 | RHSA-2025:2880 | 2025-03-17T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Extended Update Support | tigervnc-0:1.12.0-15.el8_8.12 | RHSA-2025:2862 | 2025-03-17T00:00:00Z |
| Red Hat Enterprise Linux 9 | tigervnc-0:1.14.1-1.el9_5.1 | RHSA-2025:2500 | 2025-03-10T00:00:00Z |
| Red Hat Enterprise Linux 9 | xorg-x11-server-0:1.20.11-28.el9_6 | RHSA-2025:7163 | 2025-05-13T00:00:00Z |
| Red Hat Enterprise Linux 9 | xorg-x11-server-Xwayland-0:23.2.7-3.el9_6 | RHSA-2025:7165 | 2025-05-13T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | tigervnc-0:1.11.0-22.el9_0.13 | RHSA-2025:2873 | 2025-03-17T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Extended Update Support | tigervnc-0:1.12.0-14.el9_2.10 | RHSA-2025:2874 | 2025-03-17T00:00:00Z |
| Red Hat Enterprise Linux 9.4 Extended Update Support | tigervnc-0:1.13.1-8.el9_4.5 | RHSA-2025:2875 | 2025-03-17T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | xorg-x11-server | Out of support scope |
| Red Hat Enterprise Linux 8 | xorg-x11-server | Not affected |
| Red Hat Enterprise Linux 8 | xorg-x11-server-Xwayland | Not affected |
Apply commands

```shell
yum update -y xorg-x11-server-Xwayland
# or:
dnf upgrade -y xorg-x11-server-Xwayland
```
Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 8 | Not affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| sles | | affected | |
| rocky | 9 | fixed | |
| debian | bookworm | fixed | 2:21.1.7-3+deb12u9 |
| debian | bullseye | fixed | 2:1.20.11-1+deb11u15 |
| debian | forky | fixed | 2:21.1.16-1 |
| debian | sid | fixed | 2:21.1.16-1 |
| debian | trixie | fixed | 2:21.1.16-1 |
| almalinux | 9 | fixed | tigervnc-icons-1.14.1-1.el9_5.1.noarch.rpm |
| rhel | 8 | fixed | |
References
- https://access.redhat.com/errata/RHSA-2025:2500
- https://access.redhat.com/errata/RHSA-2025:7163
- https://access.redhat.com/errata/RHSA-2025:7165
- https://errata.rockylinux.org/RLSA-2025:2502
- https://www.suse.com/security/cve/CVE-2025-26598.html
- https://errata.rockylinux.org/RLSA-2025:7165
- https://errata.rockylinux.org/RLSA-2025:2500
- https://security-tracker.debian.org/tracker/CVE-2025-26598
- https://access.redhat.com/errata/RHSA-2025:2502
- https://bugzilla.redhat.com/2345248
- https://bugzilla.redhat.com/2345251
- https://bugzilla.redhat.com/2345252
- https://bugzilla.redhat.com/2345253
- https://bugzilla.redhat.com/2345254
- https://bugzilla.redhat.com/2345255
- https://bugzilla.redhat.com/2345256
- https://bugzilla.redhat.com/2345257
- https://errata.almalinux.org/8/ALSA-2025-2502.html
- https://errata.almalinux.org/9/ALSA-2025-2500.html
- https://bugzilla.redhat.com/2317233
- https://errata.almalinux.org/9/ALSA-2025-7165.html
- https://errata.almalinux.org/9/ALSA-2025-7163.html
- https://errata.rockylinux.org/RLSA-2025:7163