CVE-2025-4478: Gnome-remote-desktop: unauthenticated rdp packet causes segfault in gnome-remote-desktop leading to denial of service
Description
A flaw was found in the gnome-remote-desktop used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.
Classification
CVE ID: CVE-2025-4478
CVSS Base Severity: HIGH
CVSS Base Score: 7.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Problem Types
NULL Pointer DereferenceAffected Products
Vendor: Red Hat
Product: Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 15.35% (scored less or equal to compared to others)
EPSS Date: 2025-06-14 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2025-4478https://access.redhat.com/security/cve/CVE-2025-4478
https://bugzilla.redhat.com/show_bug.cgi?id=2365232