Skip to main content

CVE-2025-49177

| EUVDEUVD-2025-18499 MEDIUM
Information Exposure (CWE-200)
2025-06-17 secalert@redhat.com
6.1
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Ubuntu
MEDIUM
qualitative
SUSE
MEDIUM
qualitative
Red Hat
6.1 HIGH
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 14, 2026 - 22:15 euvd
EUVD-2025-18499
Analysis Generated
Mar 14, 2026 - 22:15 vuln.today
CVE Published
Jun 17, 2025 - 15:15 nvd
MEDIUM 6.1

DescriptionCVE.org

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

Analysis

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Information Exposure (CWE-200).

RemediationAI

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

Vendor StatusVendor

Ubuntu

Priority: Medium
xorg-server
Release Status Version
jammy released 2:21.1.4-2ubuntu1.7~22.04.15
noble released 2:21.1.12-1ubuntu1.4
oracular released 2:21.1.13-2ubuntu1.4
plucky released 2:21.1.16-1ubuntu1.1
trusty needs-triage -
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
upstream released 21.1.17
questing released 2:21.1.18-1ubuntu1
xwayland
Release Status Version
jammy released 2:22.1.1-1ubuntu0.19
noble released 2:23.2.6-1ubuntu0.6
oracular released 2:24.1.2-1ubuntu0.6
plucky released 2:24.1.6-1ubuntu0.1
upstream released 24.1.7
questing released 2:24.1.6-1ubuntu1
xorg
Release Status Version
xenial not-affected code not present
bionic not-affected code not present
focal not-affected code not present
jammy not-affected code not present
noble not-affected code not present
oracular not-affected code not present
plucky not-affected code not present
upstream not-affected -
questing not-affected code not present
xorg-server-hwe-16.04
Release Status Version
xenial needs-triage -
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
xorg-server-hwe-18.04
Release Status Version
bionic needs-triage -
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
xorg-hwe-16.04
Release Status Version
xenial not-affected code not present
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream not-affected -
questing DNE -
xorg-hwe-18.04
Release Status Version
bionic not-affected code not present
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream not-affected -
questing DNE -

Debian

Bug #1108369
xorg-server
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 2:1.20.11-1+deb11u17 -
bookworm, bookworm (security) fixed 2:21.1.7-3+deb12u11 -
trixie (security), trixie fixed 2:21.1.16-1.3+deb13u1 -
forky, sid fixed 2:21.1.21-1 -
bookworm fixed 2:21.1.7-3+deb12u10 -
(unstable) fixed 2:21.1.16-1.2 -
xwayland
Release Status Fixed Version Urgency
bookworm vulnerable 2:22.1.9-1 -
trixie vulnerable 2:24.1.6-1 -
forky, sid fixed 2:24.1.9-1 -
(unstable) fixed 2:24.1.8-1 -

SUSE

Severity: Medium
Product Status
Container suse/kiosk/xorg:21.1-46.1 Image SLES15-SP6-SAP Image SLES15-SP6-SAP-Azure Image SLES15-SP6-SAP-EC2 Image SLES15-SP6-SAP-GCE Image SLES15-SP6-SAPCAL Image SLES15-SP6-SAPCAL-Azure Image SLES15-SP6-SAPCAL-EC2 Image SLES15-SP6-SAPCAL-GCE Affected
Image SLES15-SP5-SAPCAL-Azure Image SLES15-SP5-SAPCAL-EC2 Image SLES15-SP5-SAPCAL-GCE Affected
Image SLES15-SP7-SAPCAL-Azure Image SLES15-SP7-SAPCAL-EC2 Image SLES15-SP7-SAPCAL-GCE Affected
SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 Fixed
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

CVE-2025-49177 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy