cve 2025 49177

CVE-2025-49177 is a userland X server vulnerability affecting the XFIXES extension, specifically the XFixesSetClientDisconnectMode request handler which fails to validate the request. Microsoft's MSRC note indicates that Azure Linux includes the affected open-source library (Xorg/Xwayland/tigervnc) and is potentially affected, but this should not be read as a categorical statement that no other Microsoft product could include the same components. The vulnerability highlights cross-product risk and the importance of SBOM and compliance monitoring. Discussions on WindowsForum cover the scope of impact, mitigation strategies, and the need for thorough patch management across Azure Linux and potentially other Microsoft products.