CVE Catalog

CVE-2025-49177

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile - higher than 28% of all known CVEs

Summary

A vulnerability was found in the XFIXES extension where the XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

Risk Assessment

An attacker could exploit this flaw to leak sensitive data from the X server memory, potentially exposing information from other users or processes.

Recommendation

Immediately update the XFIXES library to a version that includes the request length validation fix. If an update is not available, restrict X server access to trusted clients only.

Original NVD description (English source)

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS