CVE-2025-5024 is a vulnerability identified in the gnome-remote-desktop component of Red Hat Enterprise Linux 10. The flaw arises when gnome-remote-desktop listens for incoming Remote Desktop Protocol (RDP) connections. An unauthenticated attacker can exploit this by sending repeated connection requests, which leads to uncontrolled resource consumption. This resource exhaustion causes the gnome-remote-desktop process to crash repeatedly, disrupting remote desktop services. Furthermore, the vulnerability can cause a resource leak that persists beyond process restarts, resulting in the inability of gnome-remote-desktop to open files even after being restarted via systemd. The vulnerability has a CVSS 3.1 base score of 7.4, indicating high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects availability (A:H) but not confidentiality or integrity. No known exploits have been reported in the wild yet. The vulnerability highlights a denial-of-service (DoS) risk through resource exhaustion in a critical remote access service on RHEL 10 systems.

The primary impact of CVE-2025-5024 is denial of service due to resource exhaustion in gnome-remote-desktop, which can disrupt remote desktop access on affected Red Hat Enterprise Linux 10 systems. This can affect system availability for administrators and users relying on RDP for remote management or desktop access. The persistent resource leak exacerbates the issue by preventing recovery even after service restarts, potentially requiring manual intervention or system reboot. Organizations with critical infrastructure or enterprise environments that depend on RHEL 10 for remote access may experience operational disruptions, impacting productivity and incident response capabilities. Although confidentiality and integrity are not directly impacted, the loss of availability can have cascading effects on business continuity and security operations. The lack of required privileges for exploitation increases the risk, as attackers do not need authenticated access. The requirement for user interaction (connection attempts) means the attack surface is exposed to network-based attackers who can send RDP connection requests. This vulnerability could be leveraged in targeted denial-of-service attacks or as part of larger attack campaigns aiming to disrupt enterprise operations.

To mitigate CVE-2025-5024, organizations should first monitor Red Hat advisories and apply patches or updates to gnome-remote-desktop as soon as they become available. Until patches are deployed, administrators should consider disabling gnome-remote-desktop if remote desktop functionality is not essential. Network-level controls such as firewall rules or intrusion prevention systems should be configured to restrict inbound RDP traffic to trusted sources only, minimizing exposure to unauthenticated attackers. Rate limiting or connection throttling mechanisms on RDP ports can help reduce the risk of resource exhaustion attacks. Additionally, monitoring system logs and resource usage for abnormal spikes related to gnome-remote-desktop can provide early detection of exploitation attempts. Implementing robust incident response procedures to quickly restart or recover affected services and perform system reboots if necessary will reduce downtime. Finally, educating system administrators about this vulnerability and ensuring secure configuration of remote desktop services will enhance overall resilience.