GNOME RDP Vulnerability Let Attackers Exhaust System Resources & Crash Process
- Source: Vulnerability (cybersecuritynews.com)
Author: Kaaviya
A severe security vulnerability affecting GNOME Remote Desktop has been discovered, allowing unauthenticated attackers to exhaust system resources and crash critical processes.
CVE-2025-5024, disclosed on May 21, 2025, poses significant risks to organizations utilizing remote desktop services across Red Hat Enterprise Linux environments.
The vulnerability, assigned a CVSS score of 7.4 (high severity), affects the gnome-remote-desktop service when it is configured to listen for Remote Desktop Protocol (RDP) connections.
Security researchers have identified this flaw as an Uncontrolled Resource Consumption vulnerability classified under CWE-400, enabling attackers to exploit the system without requiring authentication credentials.
GNOME Remote Desktop Vulnerability (CVE-2025-5024)
The vulnerability stems from how gnome-remote-desktop handles incoming RDP Protocol Data Units (PDUs) when establishing connections.
According to Red Hat's security advisory, malformed RDP PDUs can trigger excessive resource consumption, leading to service crashes and potential system instability.
The attack vector utilizes network-based exploitation with low complexity, requiring no special privileges from the attacker.
The CVSS vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H indicates that while the attack requires user interaction, it can be executed remotely with changed scope, resulting in high availability impact.
Security experts note that repeated exploitation attempts may cause persistent resource leaks, preventing the gnome-remote-desktop service from opening files even after systemd restarts the process.
Risk Factors
- Affected Products: Red Hat Enterprise Linux versions 8, 9, 10 (gnome-remote-desktop package); Debian Bullseye (11), Bookworm (12), Trixie (13), Sid (unstable); Ubuntu 25.04, 24.10, 24.04 LTS, 22.04 LTS, 20.04 LTS (under evaluation)
- Impact: Persistent denial-of-service via resource exhaustion
- Exploit Prerequisites: Requires the victim to initiate an RDP connection; malformed RDP Protocol Data Units (PDUs) must reach the service
- CVSS 3.1 Score: 7.4 (High)
Affected Systems
Red Hat Enterprise Linux versions 8, 9, and 10 are confirmed vulnerable to CVE-2025-5024, with the gnome-remote-desktop package specifically affected across all these distributions.
The vulnerability also impacts Debian systems running versions 11, 12, and 13 of the gnome-remote-desktop package.
Security analysts have assigned an EPSS (Exploit Prediction Scoring System) score of 0.04%, placing the flaw at approximately the 9th percentile for likelihood of exploitation within 30 days.
The denial-of-service nature of this vulnerability can severely disrupt remote desktop operations, particularly in enterprise environments where gnome-remote-desktop facilitates critical remote access workflows.
Unlike traditional service crashes, the resource leak component means that affected systems may require manual intervention beyond simple service restarts to restore full functionality.
Security administrators can implement immediate protective measures by disabling the gnome-remote-desktop service with systemctl:
sudo systemctl stop gnome-remote-desktop.service
sudo systemctl disable gnome-remote-desktop.service
This temporary workaround prevents the service from listening for RDP connections, effectively mitigating exploitation attempts until patches become available.
Organizations should prioritize firewall configurations to block port 3389, the standard RDP port, particularly for internet-facing systems.
Network segmentation and access control policies can further limit exposure by restricting RDP access to authorized network segments.
System administrators are advised to monitor for unusual resource consumption patterns and implement automated service health checks to detect potential exploitation attempts.
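The health check below is an added example for the monitoring advice above; it is not code from the article or from the GNOME project. It assumes the unit is named gnome-remote-desktop.service, that RDP listens on TCP 3389, and that the resource leak described shows up as a growing count of open file descriptors; the `ss` sample it parses is constructed.

```shell
#!/bin/sh
# Added health check for the gnome-remote-desktop RDP listener (example, not project code).
# Assumptions: unit gnome-remote-desktop.service, RDP on TCP 3389, and that the leak shows
# up as a rising open-file-descriptor count for the service's main process.

SERVICE="gnome-remote-desktop.service"
RDP_PORT=3389
FD_WARN_PCT=80   # flag the process once it holds this share of its soft fd limit

# Constructed sample of `ss -ltn` output so the script can be exercised offline.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      10     [::]:3389          [::]:*'

# rdp_listening: read `ss -ltn` output on stdin; exit 0 if any socket listens on RDP_PORT.
rdp_listening() {
    awk -v p="$RDP_PORT" 'NR > 1 && $4 ~ (":" p "$") { found = 1 } END { exit !found }'
}

# fd_usage_pct OPEN LIMIT: integer percentage of the soft limit in use (0 if unlimited).
fd_usage_pct() {
    case "$2" in ''|0|unlimited) echo 0; return ;; esac
    echo $(( $1 * 100 / $2 ))
}

# fd_status OPEN LIMIT: "warn" when usage reaches FD_WARN_PCT, otherwise "ok".
fd_status() {
    if [ "$(fd_usage_pct "$1" "$2")" -ge "$FD_WARN_PCT" ]; then echo warn; else echo ok; fi
}

# check_live: inspect the running host. Since the workaround is to stop and disable the
# unit, an active listener on 3389 is itself a finding on an unpatched system.
check_live() {
    state=$(systemctl is-active "$SERVICE" 2>/dev/null || true)
    echo "service: ${state:-unknown}"
    if ss -ltn 2>/dev/null | rdp_listening; then echo "rdp: listening on tcp/$RDP_PORT"; else echo "rdp: not listening"; fi
    pid=$(systemctl show -p MainPID --value "$SERVICE" 2>/dev/null)
    if [ -n "$pid" ] && [ "$pid" != 0 ] && [ -d "/proc/$pid/fd" ]; then
        open=$(ls "/proc/$pid/fd" | wc -l)
        limit=$(awk '/^Max open files/ { print $4 }' "/proc/$pid/limits")
        echo "fds: $open/$limit ($(fd_status "$open" "$limit"))"
    fi
}

# demo: run the pure helpers on the constructed sample only.
demo() {
    printf '%s\n' "$SAMPLE_SS" | rdp_listening && echo "sample: rdp listener present"
    echo "sample fds 900/1024: $(fd_status 900 1024)"
}

if [ "${1:-}" = "--live" ]; then check_live; else demo; fi
```

Run with `--live` on the host to inspect the real service; without arguments it only exercises the parsing and threshold logic on the constructed sample.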
Red Hat has acknowledged the vulnerability through bugzilla report 2367717, focusing on “Uncontrolled Resource Consumption due to Malformed RDP PDUs”.
Organizations utilizing affected systems should prepare for security updates and consider implementing alternative remote desktop solutions for critical operations until comprehensive patches are deployed across their infrastructure.