CVE-2025-26599
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published: Feb 25, 2025
Updated: Mar 10, 2025
CWE ID 824
Summary
CVE-2025-26599 is a newly disclosed vulnerability affecting X.Org and Xwayland. It is an uninitialized pointer flaw in the function compCheckRedirect(). If the function fails to allocate a backing pixmap, compRedirectWindow() returns an error without properly validating the window tree. As a result, data is left partly initialized, and an uninitialized pointer may be used later in the code. Successful exploitation can lead to arbitrary code execution or denial of service.
Affected Products
- Red Hat Enterprise Linux
Affected Vendors
- Red Hat