CVE-2025-49176 HIGH

CVE-2025-49176: Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension

Vendor X.org
Product xwayland
Weakness CWE-190
Published June 17, 2025
Last update December 11, 2025

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
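The check order described above, as an added C illustration (not code from the X.Org server or from this record). The limit `MAX_REQUEST_BYTES`, the 32-bit width of the length variable and all function names are assumptions made for the example. It shows the multiply-then-compare pattern next to two forms that cannot wrap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed limit in bytes (assumption, not the server's real value). */
#define MAX_REQUEST_BYTES (16u * 1024u * 1024u)

/* Weak pattern: the length, counted in 4-byte units, is scaled to bytes in
 * 32-bit arithmetic and only then compared. The product wraps modulo 2^32,
 * so a very large length can look small and pass the size check. */
bool length_ok_unsafe(uint32_t len_words)
{
    uint32_t len_bytes = len_words * 4u; /* may wrap */
    return len_bytes <= MAX_REQUEST_BYTES;
}

/* Hardened: compare in the unit the value arrived in, so nothing is
 * multiplied before the check. */
bool length_ok_safe(uint32_t len_words)
{
    return len_words <= MAX_REQUEST_BYTES / 4u;
}

/* Alternative hardening: widen to 64 bits before multiplying. */
bool length_ok_widened(uint32_t len_words)
{
    uint64_t len_bytes = (uint64_t)len_words * 4u;
    return len_bytes <= MAX_REQUEST_BYTES;
}

int main(void)
{
    /* Constructed sample lengths, in 4-byte units. */
    const uint32_t samples[] = { 1024u, 0x400000u, 0x400001u, 0x40000001u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t w = samples[i];
        printf("len=0x%08x unsafe=%d safe=%d widened=%d\n", (unsigned)w,
               length_ok_unsafe(w), length_ok_safe(w), length_ok_widened(w));
    }
    return 0;
}
```

Only the last sample differs between the checks: its byte count wraps to 4, so the multiply-first check accepts a length that both hardened checks reject.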

Key dates

02 Disclosure timeline

June 17, 2025 CVE published
December 11, 2025 Record updated