CVE-2025-62231 HIGH

CVE-2025-62231: Xorg: xwayland: value overflow in XkbSetCompatMap()

Vendor X.org
Product Xwayland
Weakness CWE-190
Published October 30, 2025
Last update April 20, 2026

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low
Availability High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

What the vulnerability does

01 Description

A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.

Key dates

02 Disclosure timeline

October 30, 2025 CVE published
April 20, 2026 Record updated