CVE-2025-5024

NameCVE-2025-5024
DescriptionA flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1106527

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnome-remote-desktop (PTS)bullseye0.1.9-5vulnerable
bookworm43.3-1vulnerable
forky, trixie48.1-4vulnerable
sid48.2-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnome-remote-desktopsource(unstable)(unfixed)1106527

Notes

[trixie] - gnome-remote-desktop <no-dsa> (Minor issue)
[bookworm] - gnome-remote-desktop <no-dsa> (Minor issue)
[bullseye] - gnome-remote-desktop <postponed> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=2367717
Fixed by https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/merge_requests/321
Search for package or bug name: Reporting problems