CVE-2025-4478

Published May 16, 2025

Last updated 24 days ago

CVSS high 7.1

Overview

Description
A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.
Source
secalert@redhat.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.1
Impact score
4.2
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-476

Social media

Hype score
Not currently trending

  1. CVE-2025-4478 A flaw was found in the gnome-remote-desktop used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes… https://t.co/aprD55nW7E

    @CVEnew

    16 May 2025

    254 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.