CVE ID: CVE-2025-62229
Disclosure Date: October 29, 2025
Severity: Moderate
CVSS v3 Score: 7.3

Description

A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers, leading to a use-after-free condition. This may result in memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.

Affected Packages

Red Hat Enterprise Linux 6 - - (Out of support scope)
Red Hat Enterprise Linux 7 - -
Red Hat Enterprise Linux 8 - - -
Red Hat Enterprise Linux 9 -

CVSS Score Details

CVSS v3 Base Score: 7.3
Attack Vector: Local
Attack Complexity: Low
Confidentiality Impact: Low
Integrity Impact: High
Availability Impact: High

Weakness (CWE)

CWE-416: Use After Free
- Technical Impact:
  - Memory corruption
  - Crash, Exit, or Restart
  - Execute Unauthorized Code or Commands

Acknowledgements

Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.
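
Added example (not X.Org code and not part of the original advisory): a simplified C model of the bug class named in the Description, where an error path during notification creation frees objects that are still linked elsewhere, shown beside the hardened path that unlinks before freeing. All struct and function names are hypothetical.

```c
#include <stdlib.h>

/* Hypothetical model: each notify is linked into its window's list. */
struct window;
struct notify { struct window *win; struct notify *next; };
struct window { struct notify *head; int linked; int valid; };

static void link_notify(struct window *w, struct notify *n) {
    n->win = w; n->next = w->head; w->head = n; w->linked++;
}

static void unlink_notify(struct notify *n) {
    struct notify **p = &n->win->head;
    while (*p && *p != n) p = &(*p)->next;
    if (*p) { *p = n->next; n->win->linked--; }
}

/* Create one notify per window; returns NULL if any window is invalid.
 * rollback=0 models the flawed error path: the array is freed while
 * earlier entries stay linked, so w->head becomes a dangling pointer.
 * rollback=1 is the hardened path: unlink every entry, then free. */
struct notify *create_notifies(struct window **wins, int n, int rollback) {
    struct notify *arr = calloc((size_t)n, sizeof *arr);
    if (!arr) return NULL;
    for (int i = 0; i < n; i++) {
        if (!wins[i]->valid) {              /* failure partway through */
            if (rollback)
                for (int j = 0; j < i; j++) unlink_notify(&arr[j]);
            free(arr);
            return NULL;
        }
        link_notify(wins[i], &arr[i]);
    }
    return arr;
}

/* Count of freed notifies still reachable from a window after a failed
 * creation. Read from w->linked, so no freed memory is dereferenced. */
int dangling_after_failure(int rollback) {
    struct window good = { NULL, 0, 1 }, bad = { NULL, 0, 0 };  /* constructed input */
    struct window *wins[2] = { &good, &bad };
    struct notify *arr = create_notifies(wins, 2, rollback);
    return arr == NULL ? good.linked : -1;
}

int main(void) {
    return dangling_after_failure(1);       /* hardened path leaves nothing linked */
}
```

Any later walk of the window's list in the `rollback=0` case would read freed memory, which is the CWE-416 condition; a sanitizer build (for example `-fsanitize=address`) reports it at that first access.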