Key Information Summary - CVE-2025-62230

Basic Information

CVE ID: CVE-2025-62230
Disclosure Date: October 29, 2025
CVSS v3 Score: 7.3 (Medium Severity)

Vulnerability Description

Description: A vulnerability exists in the X Keyboard Extension of the X.Org X server, related to client resource cleanup. The software releases certain data structures without properly detaching associated resources, leading to use-after-free conditions. This may result in memory corruption or crashes when affected clients disconnect.

Affected Software Packages

Red Hat Enterprise Linux 10: xorg-x11-server-Xwayland
Red Hat Enterprise Linux 6: tigervnc, xorg-x11-server
Red Hat Enterprise Linux 7: tigervnc, xorg-x11-server
Red Hat Enterprise Linux 8: tigervnc, xorg-x11-server, xorg-x11-server-Xwayland
Red Hat Enterprise Linux 9: tigervnc, xorg-x11-server

CVSS v3 Score Details

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity and Availability Impact: Low and High

Vulnerability Analysis (CWE-416)

Description: Use-after-free, which may lead to memory corruption, crashes, or arbitrary code execution.

Additional Information

Vulnerability Reporter: Jan-Niklas Sohn (Trend Micro Zero Day Initiative)
Page Last Modified: October 30, 2025, 5:19:29 AM UTC