7.4 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Gnome-remote-desktop: uncontrolled resource consumption due to malformed RDP PDUs
A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.
References
- https://access.redhat.com/security/cve/CVE-2025-5024 x_refsource_REDHAT vdb-entry
- RHBZ#2367717 issue-tracking x_refsource_REDHAT
- RHSA-2025:10631 vendor-advisory x_refsource_REDHAT
- RHSA-2025:10635 vendor-advisory x_refsource_REDHAT
- RHSA-2025:10742 vendor-advisory x_refsource_REDHAT
- RHSA-2025:11403 vendor-advisory x_refsource_REDHAT
- RHSA-2025:11404 vendor-advisory x_refsource_REDHAT
- RHSA-2025:11405 vendor-advisory x_refsource_REDHAT
- RHSA-2025:11406 vendor-advisory x_refsource_REDHAT
- RHSA-2025:11407 vendor-advisory x_refsource_REDHAT
- RHSA-2025:11408 vendor-advisory x_refsource_REDHAT
- RHSA-2025:11418 vendor-advisory x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/merge_requests/321
Affected products
- *
Matching in nixpkgs
- pkgs.gnome-remote-desktop: GNOME Remote Desktop server
  - nixos-unstable: -
  - nixpkgs-unstable: 48.1
Package maintainers
- @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
- @jtojnar Jan Tojnar <jtojnar@gmail.com>
- @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
- @bobby285271 Bobby Rong <rjl931189261@126.com>