AZL-64259 CVE-2025-49178 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-2

🗓️ 17 Jun 2025 15:15:45Reported by GoogleType

osv

osv🔗 osv.dev👁 1 Views

Xorg Xwayland server flaw causes denial of service via non-zero bytes in a client request.

Reporter	Title	Published	Views	Family All 304
IBM Security Bulletins	Security Bulletin: AIX/VIOS is vulnerable to a denial of service (CVE-2025-49175, CVE-2025-49178) and an integer overflow (CVE-2025-49176, CVE-2025-49179)	13 Oct 202516:02	–	ibm
Tenable Nessus	AIX : Multiple Vulnerabilities (IJ55665)	13 Oct 202500:00	–	nessus
Tenable Nessus	AIX : Multiple Vulnerabilities (IJ55695)	13 Oct 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : tigervnc, tigervnc-icons, tigervnc-license (ALAS2023-2025-1060)	10 Jul 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2025-1061)	10 Jul 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : xorg-x11-server-Xwayland, xorg-x11-server-Xwayland-devel (ALAS2023-2025-1062)	10 Jul 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : tigervnc (ALAS-2025-2917)	10 Jul 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : xorg-x11-server (ALAS-2025-2918)	10 Jul 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : xorg-x11-server and xorg-x11-server-Xwayland (ALSA-2025:9303)	30 Jun 202500:00	–	nessus
Tenable Nessus	AlmaLinux 10 : xorg-x11-server-Xwayland (ALSA-2025:9304)	9 Oct 202500:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-49178

21 Apr 2026 04:32Current

7.1High risk

Vulners AI Score7.1

CVSS 3.15.5

EPSS0.00229

SSVC

xorg xwayland server denial of service non zero bytes vulnerability 2025 49178