CVE-2025-5024

Sažetak

A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.

Reference

https://access.redhat.com/errata/RHSA-2025:10631
https://access.redhat.com/errata/RHSA-2025:10635
https://access.redhat.com/errata/RHSA-2025:10742
https://access.redhat.com/errata/RHSA-2025:11403
https://access.redhat.com/errata/RHSA-2025:11404
https://access.redhat.com/errata/RHSA-2025:11405
https://access.redhat.com/errata/RHSA-2025:11406
https://access.redhat.com/errata/RHSA-2025:11407
https://access.redhat.com/errata/RHSA-2025:11408
https://access.redhat.com/errata/RHSA-2025:11418
https://access.redhat.com/security/cve/CVE-2025-5024
https://bugzilla.redhat.com/show_bug.cgi?id=2367717
https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/merge_requests/321

CVSS

Base:	7.4
Impact:	4.0
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Zadnje važnije ažuriranje

12-08-2025 - 10:15

Objavljeno

22-05-2025 - 15:16