CVE & CISA-KEV Catalog

CVE-2025-49177

MEDIUM
6.1
CVSS v3
NVD

Description

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

How to fix

Remediation Available
xorg-serverDebian
Fixed in:2:21.1.7-3+deb12u10CVE-2025-49177
Fixed in:2:21.1.16-1.2CVE-2025-49177
Fixed in:2:21.1.16-1.2CVE-2025-49177
xorg-x11-serverRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-serverRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-XdmxRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-XdmxRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-Xdmx-debuginfoRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-Xdmx-debuginfoRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-XephyrRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-XephyrRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-Xephyr-debuginfoRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-Xephyr-debuginfoRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-XnestRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-XnestRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-Xnest-debuginfoRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-Xnest-debuginfoRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-XorgRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-XorgRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-Xorg-debuginfoRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-Xorg-debuginfoRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-XvfbRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-XvfbRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-Xvfb-debuginfoRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-Xvfb-debuginfoRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-XwaylandRed Hat / RHEL
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
xorg-x11-server-XwaylandRocky
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
xorg-x11-server-Xwayland-debuginfoRocky
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
xorg-x11-server-Xwayland-debuginfoRed Hat / RHEL
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
xorg-x11-server-Xwayland-debugsourceRed Hat / RHEL
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
xorg-x11-server-Xwayland-debugsourceRocky
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
Fixed in:0:22.1.9-6.el9_4RHSA-2025:10258
xorg-x11-server-Xwayland-develRocky
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
xorg-x11-server-Xwayland-develRed Hat / RHEL
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:24.1.5-4.el10_0RHSA-2025:9304
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
Fixed in:0:23.2.7-4.el9_6RHSA-2025:9303
xorg-x11-server-commonRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-commonRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-debuginfoRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-debuginfoRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-debugsourceRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-debugsourceRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-develRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-develRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-sourceRed Hat / RHEL
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-x11-server-sourceRocky
Fixed in:0:1.20.11-31.el9_6RHSA-2025:9303
xorg-serverUbuntu
Fixed in:2:21.1.4-2ubuntu1.7~22.04.15USN-7573-1
Fixed in:2:21.1.12-1ubuntu1.4USN-7573-1
xserver-xorg-coreUbuntu
Fixed in:2:21.1.4-2ubuntu1.7~22.04.15USN-7573-1
Fixed in:2:21.1.12-1ubuntu1.4USN-7573-1
xwaylandUbuntu
Fixed in:2:22.1.1-1ubuntu0.19USN-7573-1
Fixed in:2:23.2.6-1ubuntu0.6USN-7573-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityLow

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Exploit Intelligence

0.36%probability of exploitation in 30 days
28thpercentile

Low risk: more likely to be exploited than 28% of all known CVEs.

References

Related Vulnerabilities

Other CWE-200 (Information Exposure) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-24919High8.6100%KEV + Ransom-
CVE-2020-14181Medium5.3100%-Fix
CVE-2021-34429Medium5.399%-Fix
CVE-2018-11409Medium5.398%--
CVE-2021-41277Critical10.097%KEV-
CVE-2016-2183High7.596%-Fix
Embed a live status badge for CVE-2025-49177
CVE-2025-49177 severity badge

Markdown

[![CVE-2025-49177](https://tridentstack.com/cve/badge/CVE-2025-49177.svg)](https://tridentstack.com/cve/CVE-2025-49177)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-49177"><img src="https://tridentstack.com/cve/badge/CVE-2025-49177.svg" alt="CVE-2025-49177"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-30.