CVE-2025-62231

Description

A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.

How to fix CVE-2025-62231

To remediate CVE-2025-62231, upgrade the affected package to a fixed version below.

Debian/xorg-server—upgrade to 2:1.20.11-1+deb11u17 or later
—no fix listed

Is CVE-2025-62231 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 2:1.20.11-1+deb11u17
from 0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.3	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2025-62231