CVE-2025-26598
Published: 25 February 2025
Summary
CVE-2025-26598 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Redhat Enterprise Linux. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 9.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-26598 is an out-of-bounds write vulnerability in X.Org Server and Xwayland. The flaw occurs in the GetBarrierDevice() function, which searches for a pointer device by its device ID and is intended to return NULL if no match is found. Instead, the function returns the last element of the list when no matching device ID exists, potentially leading to out-of-bounds memory access. The vulnerability is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 7.8.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, enabling potential arbitrary code execution, data corruption, or system crashes through the out-of-bounds write.
Red Hat has issued multiple security errata addressing this issue, including RHSA-2025:2500, RHSA-2025:2502, RHSA-2025:2861, RHSA-2025:2862, and RHSA-2025:2865, which provide updated packages for affected Red Hat products incorporating fixes for the vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5423
Vulnerability details
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will…
more
return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Out-of-bounds write and related memory corruption vulnerabilities (use-after-free, buffer/heap overflows) in Xwayland, as patched in TigerVNC server, enable remote exploitation over VNC connections for arbitrary code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Mandates identification, reporting, and correction of software flaws like the out-of-bounds write in X.Org Server's GetBarrierDevice function via timely patching.
Provides runtime memory protections such as non-executable memory and address space randomization to block exploitation of out-of-bounds writes in CVE-2025-26598.
Facilitates discovery of vulnerabilities like CVE-2025-26598 through automated scanning, enabling proactive flaw remediation.