CVE-2025-5024

NameCVE-2025-5024
DescriptionA flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1106527

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnome-remote-desktop (PTS)bullseye0.1.9-5vulnerable
bookworm43.3-1vulnerable
trixie48.1-1vulnerable
sid48.1-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnome-remote-desktopsource(unstable)(unfixed)1106527

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=2367717
Search for package or bug name: Reporting problems