CVE-2025-4478 (GCVE-0-2025-4478)
Vulnerability from cvelistv5
Published
2025-05-16 14:22
Modified
2025-07-29 18:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
► |
Version: 3.0.0-beta1 ≤ |
||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-4478", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-16T14:46:22.256427Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-16T14:46:33.506Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://www.freerdp.com/", "defaultStatus": "unaffected", "packageName": "freerdp", "versions": [ { "lessThan": "3.16.0", "status": "affected", "version": "3.0.0-beta1", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10.0" ], "defaultStatus": "affected", "packageName": "freerdp", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2:3.10.3-3.el10_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "freerdp", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "freerdp", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2025-05-13T05:14:44.346Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in the FreeRDP used by Anaconda\u0027s remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-29T18:34:18.105Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2025:9307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2025:9307" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2025-4478" }, { "name": "RHBZ#2365232", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365232" }, { "url": "https://github.com/FreeRDP/FreeRDP/pull/11573" } ], "timeline": [ { "lang": "en", "time": "2025-05-09T05:55:04.784000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2025-05-13T05:14:44.346000+00:00", "value": "Made public." } ], "title": "Gnome-remote-desktop: freerdp: unauthenticated rdp packet causes segfault in freerdp leading to denial of service", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2025-4478", "datePublished": "2025-05-16T14:22:17.265Z", "dateReserved": "2025-05-09T06:11:27.591Z", "dateUpdated": "2025-07-29T18:34:18.105Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2025-4478\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-05-16T15:15:48.630\",\"lastModified\":\"2025-07-29T19:15:46.473\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the FreeRDP used by Anaconda\u0027s remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en el gnome-remote-desktop utilizado por la funci\u00f3n de instalaci\u00f3n remota de Anaconda. Un paquete RDP manipulado pod\u00eda provocar un fallo de segmentaci\u00f3n. Este problema provoca que el servicio se bloquee y permanezca inactivo, lo que resulta en una denegaci\u00f3n de servicio. Ocurre antes del arranque y probablemente se deba a una desreferencia de puntero nulo. Es necesario reiniciar el sistema para recuperarlo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:9307\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-4478\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2365232\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/FreeRDP/FreeRDP/pull/11573\",\"source\":\"secalert@redhat.com\"}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-4478\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-16T14:46:22.256427Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-16T14:46:25.816Z\"}}], \"cna\": {\"title\": \"Gnome-remote-desktop: freerdp: unauthenticated rdp packet causes segfault in freerdp leading to denial of service\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0-beta1\", \"lessThan\": \"3.16.0\", \"versionType\": \"semver\"}], \"packageName\": \"freerdp\", \"collectionURL\": \"https://www.freerdp.com/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2:3.10.3-3.el10_0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"freerdp\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"freerdp\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"freerdp\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-05-09T05:55:04.784000+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-05-13T05:14:44.346000+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-05-13T05:14:44.346Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:9307\", \"name\": \"RHSA-2025:9307\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2025-4478\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2365232\", \"name\": \"RHBZ#2365232\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://github.com/FreeRDP/FreeRDP/pull/11573\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in the FreeRDP used by Anaconda\u0027s remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-07-29T18:34:18.105Z\"}, \"x_redhatCweChain\": \"CWE-476: NULL Pointer Dereference\"}}", "cveMetadata": "{\"cveId\": \"CVE-2025-4478\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-29T18:34:18.105Z\", \"dateReserved\": \"2025-05-09T06:11:27.591Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-05-16T14:22:17.265Z\", \"assignerShortName\": \"redhat\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…