A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Tue, 12 Aug 2025 09:45:00 +0000


Mon, 21 Jul 2025 07:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Eus
Redhat rhel Eus Long Life
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
Vendors & Products Redhat rhel Aus
Redhat rhel Eus
Redhat rhel Eus Long Life
Redhat rhel Tus
References

Mon, 21 Jul 2025 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
Vendors & Products Redhat rhel E4s
References

Thu, 10 Jul 2025 03:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Wed, 09 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
References

Wed, 09 Jul 2025 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9

Tue, 08 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:9
cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:10.0
References

Thu, 22 May 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 22 May 2025 15:00:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.
Title gnome-remote-desktop: Uncontrolled Resource Consumption due to Malformed RDP PDUs Gnome-remote-desktop: uncontrolled resource consumption due to malformed rdp pdus
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References

Thu, 22 May 2025 02:45:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title gnome-remote-desktop: Uncontrolled Resource Consumption due to Malformed RDP PDUs
Weaknesses CWE-400
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H'}

threat_severity

Moderate


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-12T09:35:38.025Z

Reserved: 2025-05-21T06:10:08.134Z

Link: CVE-2025-5024

Vulnrichment

Updated: 2025-05-22T17:42:58.589Z

NVD

Status: Awaiting Analysis

Published: 2025-05-22T15:16:05.810

Modified: 2025-08-12T10:15:26.160

Link: CVE-2025-5024

Redhat

Severity: Moderate

Public Date: 2025-05-21T06:16:27Z

Links: CVE-2025-5024 - Bugzilla

OpenCVE Enrichment

No data.