CVE-2025-49177

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:10258
https://access.redhat.com/errata/RHSA-2025:9303
https://access.redhat.com/errata/RHSA-2025:9304
https://access.redhat.com/security/cve/CVE-2025-49177
https://bugzilla.redhat.com/show_bug.cgi?id=2369955

Configurations

No configuration.

History

13 Oct 2025, 08:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:9303 -

02 Jul 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-17 15:15

Updated : 2025-10-13 08:15

NVD link : CVE-2025-49177

Mitre link : CVE-2025-49177

CVE.ORG link : CVE-2025-49177

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

6.1 /10