CVE-2025-5024 is a high-severity vulnerability affecting the gnome-remote-desktop component in Red Hat Enterprise Linux (RHEL) 10. The flaw arises when gnome-remote-desktop listens for Remote Desktop Protocol (RDP) connections. An unauthenticated attacker can exploit this vulnerability by sending crafted connection attempts that cause uncontrolled resource consumption, leading to exhaustion of system resources. This results in repeated crashes of the gnome-remote-desktop process. Furthermore, the vulnerability may cause a resource leak that persists even after the service is restarted via systemd, eventually preventing gnome-remote-desktop from opening files. The vulnerability does not impact confidentiality or integrity but severely affects availability, as the service becomes unusable. The CVSS 3.1 score is 7.4 (high), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), scope changed (S:C), no confidentiality or integrity impact (C:N/I:N), and high availability impact (A:H). The requirement for user interaction likely refers to the victim system needing to have gnome-remote-desktop running and listening for RDP connections. No known exploits are currently in the wild, and no patches have been linked yet. This vulnerability highlights a denial-of-service (DoS) attack vector against RHEL 10 systems running gnome-remote-desktop, potentially disrupting remote desktop services and impacting system stability.

For European organizations, this vulnerability poses a significant risk to systems running Red Hat Enterprise Linux 10 with gnome-remote-desktop enabled, particularly in environments relying on remote desktop access for administration or user support. The denial-of-service condition can disrupt business continuity by making remote desktop services unavailable, potentially delaying critical operations. Organizations in sectors such as finance, healthcare, government, and critical infrastructure that use RHEL 10 for secure remote access could face operational downtime and increased support costs. The resource exhaustion and persistent file-opening failures after service restarts could necessitate system reboots or manual intervention, increasing operational overhead. Since the attack requires no authentication and can be launched remotely, the attack surface is broad, especially if RDP ports are exposed or accessible within internal networks. The lack of confidentiality or integrity impact reduces the risk of data breaches but availability disruption can still have severe consequences, including loss of productivity and potential cascading failures in dependent systems.

To mitigate this vulnerability, European organizations should first verify if gnome-remote-desktop is enabled and listening for RDP connections on RHEL 10 systems. If remote desktop functionality is not required, disable gnome-remote-desktop to eliminate the attack surface. For systems requiring remote desktop access, implement network-level controls such as firewall rules to restrict RDP access to trusted IP addresses or VPNs, minimizing exposure to unauthenticated attackers. Monitor system resource usage and gnome-remote-desktop process stability to detect early signs of exploitation attempts. Employ systemd service restart limits and resource control mechanisms (e.g., cgroups) to contain resource exhaustion impact. Stay alert for official patches or updates from Red Hat and apply them promptly once available. Additionally, consider alternative remote desktop solutions with a stronger security posture until this vulnerability is resolved. Regularly audit and harden RHEL 10 configurations to reduce unnecessary services and ports exposed to untrusted networks.