UBUNTU-CVE-2025-5024

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2025-5024
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-5024.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-5024
Upstream
Published
2025-05-22T15:16:00Z
Modified
2026-05-20T16:23:33.049711831Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.

References

Affected packages

Ubuntu:20.04:LTS / gnome-remote-desktop

Package

Name
gnome-remote-desktop
Purl
pkg:deb/ubuntu/gnome-remote-desktop?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.1.7-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "0.1.7-1",
            "binary_name": "gnome-remote-desktop"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-5024.json"

Ubuntu:22.04:LTS / gnome-remote-desktop

Package

Name
gnome-remote-desktop
Purl
pkg:deb/ubuntu/gnome-remote-desktop?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

40.*
40.2-1
41.*
41.0-1
41.1-3
41.2-1
Other
42~beta-1
42~rc-1
42.*
42.0-1
42.0-2
42.0-4ubuntu1
42.1.1-0ubuntu1
42.2-0ubuntu1
42.3-0ubuntu1
42.4-0ubuntu1
42.7-0ubuntu1
42.9-0ubuntu0.22.04.1
42.9-0ubuntu0.22.04.2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "42.9-0ubuntu0.22.04.2",
            "binary_name": "gnome-remote-desktop"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-5024.json"

Ubuntu:24.04:LTS / gnome-remote-desktop

Package

Name
gnome-remote-desktop
Purl
pkg:deb/ubuntu/gnome-remote-desktop?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

45.*
45.0-1
45.1-1
45.1-1build1
Other
46~rc-0ubuntu2
46.*
46.0-2
46.1-1
46.2-1~ubuntu24.04.2
46.3-0ubuntu1
46.3-0ubuntu1.1
46.3-0ubuntu1.2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "46.3-0ubuntu1.2",
            "binary_name": "gnome-remote-desktop"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-5024.json"

Ubuntu:25.10 / gnome-remote-desktop

Package

Name
gnome-remote-desktop
Purl
pkg:deb/ubuntu/gnome-remote-desktop?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

48.*
48.0-1
48.1-2
Other
49~alpha-0ubuntu1
49~rc-0ubuntu1
49.*
49.0-0ubuntu1
49.0-0ubuntu1.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "49.0-0ubuntu1.1",
            "binary_name": "gnome-remote-desktop"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-5024.json"

Ubuntu:26.04:LTS / gnome-remote-desktop

Package

Name
gnome-remote-desktop
Purl
pkg:deb/ubuntu/gnome-remote-desktop?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

49.*
49.0-0ubuntu1
49.1-1
49.1-2
49.2-1
49.2-2
49.2-2ubuntu1
Other
50~beta-1
50~rc-0ubuntu1
50.*
50.0-0ubuntu1
50.0-0ubuntu2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "50.0-0ubuntu2",
            "binary_name": "gnome-remote-desktop"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-5024.json"