
CVE-2025-5024: Uncontrolled Resource Consumption in Red Hat Enterprise Linux 10

Severity: High
Published: Thu May 22 2025 (05/22/2025, 14:51:01 UTC)
Source: CVE
Vendor/Project: Red Hat
Product: Red Hat Enterprise Linux 10

Description

A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.

AI-Powered Analysis

Last updated: 08/13/2025, 00:50:01 UTC

Technical Analysis

CVE-2025-5024 is a high-severity availability flaw in the gnome-remote-desktop component shipped with Red Hat Enterprise Linux (RHEL) 10. It is reachable only once gnome-remote-desktop is listening for Remote Desktop Protocol (RDP) connections. From that point an unauthenticated remote attacker can drive the daemon into uncontrolled resource consumption and crash it repeatedly; the CVE record does not describe the triggering traffic in any more detail than that. Red Hat also notes a possible resource leak that accumulates across repeated attacks and persists after systemd restarts the service, to the point where gnome-remote-desktop can no longer open files. A service restart therefore does not reliably restore remote access; the leaked resource has to be reclaimed, which in practice may mean rebooting the host.

Confidentiality and integrity are not affected. The CVSS 3.1 base score is 7.4 (High) with vector AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H: network attack vector, low attack complexity, no privileges required, user interaction required, changed scope, no confidentiality or integrity impact, and high availability impact. The changed scope is consistent with the description's wording that the attacker exhausts system resources, not merely the daemon's own. The UI:R metric is unusual for a pre-authentication network denial of service; the most plausible reading is that remote desktop sharing must already have been enabled on the target so that the listener is active, since the flaw is not reachable otherwise. At the time of this analysis no exploitation in the wild had been reported and no patch references were attached to the record. Operationally this is a remote, unauthenticated denial of service against any RHEL 10 host that exposes gnome-remote-desktop's RDP listener.

Potential Impact

For European organizations the exposure is confined to RHEL 10 systems with gnome-remote-desktop enabled and listening for RDP, which in practice means workstations and servers that are administered or supported through GNOME's built-in remote desktop. On those hosts anyone who can reach the RDP port can take remote access down at will without credentials, and because the leak described by Red Hat survives a systemd restart, recovery may require a reboot rather than a service restart, with the manual intervention and overhead that implies. Finance, healthcare, government and critical-infrastructure operators that rely on this path for remote administration should expect downtime and support cost rather than data loss: confidentiality and integrity are untouched, but losing the remote session can block incident handling or maintenance that depends on it and cause knock-on failures in systems administered through it. The attack surface is broadest where RDP's default port 3389/tcp is reachable from the internet or from flat internal networks; where the listener is only reachable over a VPN or from a management subnet, the risk is correspondingly smaller.

Mitigation Recommendations

First establish whether the service is actually exposed: on each RHEL 10 host, check whether the gnome-remote-desktop unit is enabled and whether anything is listening on the RDP port (ss -ltnp or equivalent). Where remote desktop is not needed, disable gnome-remote-desktop; that removes the attack surface entirely. Where it is needed, restrict the RDP port at the host firewall (firewalld on RHEL) to management subnets or VPN address ranges so that unauthenticated strangers cannot reach the listener. Add systemd resource-control and rlimit directives to the unit (memory, task and file-descriptor limits) together with a start-rate limit so a crash loop cannot consume the host, and watch the journal for repeated "Main process exited" and "Scheduled restart job" entries for the unit, which are the most direct sign that the flaw is being triggered. Because the leak can persist across restarts, put a reboot in the recovery runbook rather than relying on systemctl restart. Apply Red Hat's fix as soon as it is published; until then, prefer an alternative remote access path (for example SSH, or a remote desktop service only reachable through a VPN) for hosts that must stay reachable. Finally, keep RHEL 10 builds minimal so that services and ports not required are not exposed to untrusted networks.
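A concrete way to carry out those checks and controls follows, as an added example that is not part of this page, of Red Hat's tooling, or of gnome-remote-desktop itself. It assumes the system-mode unit is named gnome-remote-desktop.service, that RDP is on its default port 3389/tcp, and that 10.0.0.0/8 is the trusted management range; the ss and journal lines at the bottom are constructed samples, not captures from a real host.

```shell
#!/bin/sh
# Added example for the mitigations above; not Red Hat's or GNOME's own tooling.
# Assumptions (not stated on the page): the system-mode unit is named
# gnome-remote-desktop.service, RDP is on the default port 3389, and the
# trusted management network is 10.0.0.0/8.
set -eu

GRD_UNIT="gnome-remote-desktop.service"   # assumed unit name
RDP_PORT="3389"                           # assumed default port
DROPIN_DIR="/etc/systemd/system/${GRD_UNIT}.d"

# 1. Exposure check: read `ss -ltnp` output from stdin and report whether the
#    gnome-remote-desktop daemon is listening on RDP_PORT. ss truncates the
#    process name to 15 characters, so the daemon shows up as "gnome-remote-de".
rdp_listener_present() {
    grep -E "LISTEN[[:space:]].*:${RDP_PORT}[[:space:]].*\"gnome-remote-de\"" >/dev/null
}

# 2. Detection: count how often systemd had to reschedule the unit, from
#    `journalctl -u gnome-remote-desktop.service` output on stdin. A burst of
#    restarts with no matching maintenance is the signal this CVE produces.
count_restarts() {
    grep -c "${GRD_UNIT}: Scheduled restart job" || true
}

# Exit 0 when the restart count in the journal excerpt on stdin reaches $1.
restart_storm() {
    threshold="$1"
    n=$(count_restarts)
    [ "$n" -ge "$threshold" ]
}

# 3. Containment: systemd drop-in (install as ${DROPIN_DIR}/override.conf, then
#    `systemctl daemon-reload`) that caps the daemon's memory, task and
#    file-descriptor budget and stops the restart loop after 5 failures in
#    2 minutes so an attacker cannot churn the unit indefinitely.
systemd_dropin() {
    cat <<EOF
[Unit]
StartLimitIntervalSec=120
StartLimitBurst=5

[Service]
Restart=on-failure
RestartSec=5
MemoryMax=512M
TasksMax=256
LimitNOFILE=4096
EOF
}

# 4. Network control: firewalld commands that close the open RDP port and
#    re-admit it only from the trusted source range given as $1.
firewalld_commands() {
    trusted="$1"
    printf '%s\n' \
      "firewall-cmd --permanent --remove-port=${RDP_PORT}/tcp" \
      "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"${trusted}\" port port=\"${RDP_PORT}\" protocol=\"tcp\" accept'" \
      "firewall-cmd --reload"
}

# Live triage on a RHEL host (run as root; invoke the script with --live).
check_host() {
    systemctl is-enabled "$GRD_UNIT" 2>/dev/null || echo "$GRD_UNIT is not enabled"
    if ss -ltnp | rdp_listener_present; then
        echo "RDP listener active on ${RDP_PORT}; restrict it or disable ${GRD_UNIT}"
    else
        echo "no gnome-remote-desktop listener on ${RDP_PORT}"
    fi
    echo "restarts scheduled in the last hour: $(journalctl -u "$GRD_UNIT" --since -1h --no-pager | count_restarts)"
}

# Constructed sample input (not captured from a real host) so the helpers can
# be exercised offline.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096         0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=811,fd=3))
LISTEN 0      4096         0.0.0.0:3389      0.0.0.0:*     users:(("gnome-remote-de",pid=1724,fd=12))'

SAMPLE_JOURNAL='May 22 14:51:01 rhel10 systemd[1]: gnome-remote-desktop.service: Main process exited, code=killed, status=11/SEGV
May 22 14:51:06 rhel10 systemd[1]: gnome-remote-desktop.service: Scheduled restart job, restart counter is at 1.
May 22 14:51:20 rhel10 systemd[1]: gnome-remote-desktop.service: Scheduled restart job, restart counter is at 2.
May 22 14:51:34 rhel10 systemd[1]: gnome-remote-desktop.service: Scheduled restart job, restart counter is at 3.'

case "${1:-}" in
  --live) check_host ;;
  *)
    printf '%s\n' "$SAMPLE_SS" | rdp_listener_present && echo "sample: RDP listener present"
    echo "sample: $(printf '%s\n' "$SAMPLE_JOURNAL" | count_restarts) restarts scheduled"
    ;;
esac
```

Without arguments the script only runs the helpers over the embedded samples; with --live it queries systemctl, ss and journalctl on the host. The drop-in and firewall commands are printed rather than applied so they can be reviewed and rolled out through configuration management.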


Technical Details

Data Version
5.1
Assigner Short Name
redhat
Date Reserved
2025-05-21T06:10:08.134Z
CISA Enriched
false
CVSS Version
3.1
State
PUBLISHED

Threat ID: 682f3d940acd01a249261e04

Added to database: 5/22/2025, 3:07:00 PM

Last enriched: 8/13/2025, 12:50:01 AM

Last updated: 8/19/2025, 12:34:30 AM

