CVE-2025-26599
Published: 25 February 2025
Summary
CVE-2025-26599 is a high-severity Access of Uninitialized Pointer (CWE-824) vulnerability in Red Hat Enterprise Linux. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). It ranks at the 8.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-11 (Error Handling) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 Flaw Remediation directly mitigates this CVE by requiring timely application of vendor patches such as the Red Hat errata addressing the uninitialized pointer flaw in X.Org and Xwayland.
SI-11 Error Handling addresses the root cause by ensuring systems process allocation failures and errors without leaving data partially uninitialized or exposing uninitialized pointers.
SI-16 Memory Protection provides runtime safeguards like address space layout randomization and data execution prevention to mitigate exploitation of the uninitialized pointer access.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-26599 is a memory corruption vulnerability (uninitialized pointer) in Xwayland/X.Org components integrated in the TigerVNC server, enabling remote code execution or denial of service via malformed X11 protocol requests over the VNC remote service.
NVD Description
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
Deeper analysis
CVE-2025-26599 is an access to an uninitialized pointer flaw (CWE-824) affecting X.Org and Xwayland. The vulnerability arises when the function compCheckRedirect() fails to allocate the backing pixmap, causing compRedirectWindow() to return a BadAlloc error without fully validating the previously marked window tree. This leaves the validated data partly uninitialized, resulting in the subsequent use of an uninitialized pointer. The issue was published on 2025-02-25 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation grants high-impact access to confidential data, modification of system integrity, and disruption of availability, potentially leading to full system compromise on affected X.Org or Xwayland installations.
Red Hat has released multiple errata addressing the flaw, including RHSA-2025:2500, RHSA-2025:2502, RHSA-2025:2861, RHSA-2025:2862, and RHSA-2025:2865, which provide updated packages with fixes for vulnerable systems.
Details
- CWE(s)