{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4478", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-05-09T06:11:27.591Z", "datePublished": "2025-05-16T14:22:17.265Z", "dateUpdated": "2025-10-14T20:47:10.087Z"}, "containers": {"cna": {"title": "Gnome-remote-desktop: freerdp: unauthenticated rdp packet causes segfault in freerdp leading to denial of service", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system."}], "affected": [{"versions": [{"status": "affected", "version": "3.0.0-beta1", "lessThan": "3.16.0", "versionType": "semver"}], "packageName": "freerdp", "collectionURL": "https://www.freerdp.com/", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "freerdp", "defaultStatus": "affected", "versions": [{"version": "2:3.10.3-3.el10_0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:10.0"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "freerdp", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "freerdp", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:9307", "name": "RHSA-2025:9307", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-4478", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365232", "name": "RHBZ#2365232", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/FreeRDP/FreeRDP/pull/11573"}], "datePublic": "2025-05-13T05:14:44.346Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2025-05-09T05:55:04.784000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-05-13T05:14:44.346000+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-10-14T20:47:10.087Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-16T14:46:22.256427Z", "id": "CVE-2025-4478", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T14:46:33.506Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4478", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-16T14:46:22.256427Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T14:46:25.816Z"}}], "cna": {"title": "Gnome-remote-desktop: freerdp: unauthenticated rdp packet causes segfault in freerdp leading to denial of service", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "3.0.0-beta1", "lessThan": "3.16.0", "versionType": "semver"}], "packageName": "freerdp", "collectionURL": "https://www.freerdp.com/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10.0"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "versions": [{"status": "unaffected", "version": "2:3.10.3-3.el10_0", "lessThan": "*", "versionType": "rpm"}], "packageName": "freerdp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "freerdp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "freerdp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-09T05:55:04.784000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-05-13T05:14:44.346000+00:00", "value": "Made public."}], "datePublic": "2025-05-13T05:14:44.346Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:9307", "name": "RHSA-2025:9307", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-4478", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365232", "name": "RHBZ#2365232", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/FreeRDP/FreeRDP/pull/11573"}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-10-14T20:47:10.087Z"}, "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"}}, "cveMetadata": {"cveId": "CVE-2025-4478", "state": "PUBLISHED", "dateUpdated": "2025-10-14T20:47:10.087Z", "dateReserved": "2025-05-09T06:11:27.591Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-05-16T14:22:17.265Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*", "matchCriteriaId": "B012E9ED-664F-4213-8F06-4226D1EAF3FD", "versionEndExcluding": "3.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en el gnome-remote-desktop utilizado por la funci\u00f3n de instalaci\u00f3n remota de Anaconda. Un paquete RDP manipulado pod\u00eda provocar un fallo de segmentaci\u00f3n. Este problema provoca que el servicio se bloquee y permanezca inactivo, lo que resulta en una denegaci\u00f3n de servicio. Ocurre antes del arranque y probablemente se deba a una desreferencia de puntero nulo. Es necesario reiniciar el sistema para recuperarlo."}], "id": "CVE-2025-4478", "lastModified": "2025-10-14T20:39:08.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-16T15:15:48.630", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2025:9307"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2025-4478"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365232"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/FreeRDP/FreeRDP/pull/11573"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:9307", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "freerdp-2:3.10.3-3.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-06-23T00:00:00Z"}], "bugzilla": {"description": "gnome-remote-desktop: freerdp: Unauthenticated RDP Packet Causes Segfault in FreeRDP Leading to Denial of Service", "id": "2365232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365232"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.", "A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-4478", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-13T05:14:44Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4478\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4478"], "statement": "The severity of this issue is assessed as moderate rather than high, primarily because successful exploitation requires the remote installation feature to be explicitly enabled by the system administrator a non-default configuration in most RHEL deployments. The vulnerability arises during a pre-boot phase where a crafted RDP packet can trigger a segmentation fault in gnome-remote-desktop via FreeRDP, leading to a denial of service. While impactful, this scenario is limited to specific use cases, such as unattended remote installations, and does not result in privilege escalation or arbitrary code execution.\nFurthermore, the flaw appears to stem from a null-pointer dereference, which generally results in a crash without introducing broader system compromise. The attack requires network access to the installer at a precise phase of its operation and is constrained by the need for a custom setup (e.g., RDP-based installs). As such, while the vulnerability does impact system availability under targeted conditions, its exploitability is restricted by environmental requirements and lack of persistence post-reboot, thereby reducing its overall risk profile compared to vulnerabilities that enable remote code execution or affect default system behavior.", "threat_severity": "Moderate"}