AI description
CVE-2025-68670 is identified as an unauthenticated stack-based buffer overflow vulnerability affecting xrdp, an open-source Remote Desktop Protocol (RDP) server. This flaw is present in xrdp versions prior to v0.10.5. The vulnerability arises from inadequate bounds checking when the xrdp server processes user domain information during the initial RDP connection sequence. This improper handling allows remote attackers to potentially overwrite stack buffers and return addresses, which could lead to the execution of arbitrary code on affected systems without requiring any authentication. A patch for this issue is available in xrdp version 0.10.5 and later.
- Description: xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target system. The vulnerability allows an attacker to overwrite the stack buffer and the return address, which could theoretically be used to redirect the execution flow. The impact of this vulnerability is lessened if a compiler flag has been used to build the xrdp executable with stack canary protection. If this is the case, a second vulnerability would need to be used to leak the stack canary value. Upgrade to version 0.10.5 to receive a patch. Additionally, do not rely on stack canary protection on production systems.
- Source: security-advisories@github.com
- NVD status: Analyzed
- Products: xrdp, debian_linux
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- Hype score: Not currently trending
Our experts have discovered vulnerability CVE-2025-68670 in xrdp, a remote desktop server for Linux using the RDP protocol. A buffer overflow could lead to remote code execution without authentication. The issue has already been fixed in the latest versions. Details: https://t.co
@e_kaspersky
12 May 2026
2877 Impressions
12 Retweets
40 Likes
11 Bookmarks
1 Reply
1 Quote
#exploit 1⃣ CVE-2026-31431: Code exec into containers sharing the same image layer https://t.co/1WHHD88uAH 2⃣ CVE-2025-68670: RCE in the xrdp server https://t.co/X8AYExy9VJ 3⃣ CVE-2026-23918: Apache mod_http2 vulnerability https://t.co/pBdyEHb0GL // Disclaimer
@ksg93rd
11 May 2026
390 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68670: an #RCE #vulnerability in the #xrdp_server https://t.co/ieDnmlOsbD https://t.co/xBQwEiqAwg
@omvapt
10 May 2026
244 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68670 — xrdp pre-auth RCE Zero creds needed. Port 3389 access = RCE. Chain: xrdp RCE → Dirty Frag (CVE-2026-43284) = remote-to-root OpenCanary: 158,515 RDP hits this week. Patch now. Block 3389 from internet. #ThreatIntel #CVE #RDP #CVE202568670
@NoctisIntel
9 May 2026
365 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68670: discovering an RCE vulnerability in xrdp https://t.co/eGlOALv5Uj #appsec
@eyalestrin
9 May 2026
263 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TRC analysis shows attackers exploiting CVE-2025-68670 to gain unauthenticated RCE on xrdp servers, then escalating privileges and moving laterally through networks. Runtime segmentation helps contain post-compromise activity and limits blast radius. #ZeroDay #CloudSecurity 🔗
@aviatrixtrc
8 May 2026
263 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NEW THREAT INTEL: CVE-2025-68670 - Pre-auth RCE in xrdp <v0.10.5 via Client Info PDU buffer overflow. 9 detections, 18 IOCs. https://t.co/nK1GjXCRDG #ThreatIntel #xrdp #RCE https://t.co/HsSnq5jX9X
@threadlinqs
8 May 2026
289 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In xrdp, a remote desktop server for Linux using the RDP protocol, our experts discovered the vulnerability CVE-2025-68670: a buffer overflow could lead to remo
@e_kaspersky_ru
8 May 2026
476 Impressions
2 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Discovering a remote code execution vulnerability in xrdp, identified as CVE-2025-68670. This highlights the importance of regular security audits for open-source software. https:
@fad_777
8 May 2026
259 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical RCE flaw in xrdp remote desktop server allows unauthenticated attackers to execute arbitrary code via crafted UTF-16 domain names that trigger stack buffer overflow. Key technical details: • CVE-2025-68670 (CVSS not specified) affects xrdp versions prior to 0.10.5, ht
@DFIR_Radar
8 May 2026
444 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-68670: an RCE vulnerability in the xrdp server | Securelist https://t.co/A6uwqT03UG
@VivekIntel
8 May 2026
942 Impressions
4 Retweets
8 Likes
5 Bookmarks
0 Replies
0 Quotes
CVE-2025-68670: discovering an RCE vulnerability in xrdp https://t.co/yYk6QtbXlF
@Dinosn
8 May 2026
1569 Impressions
7 Retweets
12 Likes
6 Bookmarks
0 Replies
0 Quotes
CVE-2025-68670: discovering an RCE vulnerability in xrdp: During a security assessment of Kaspersky USB Redirector, we discovered CVE-2025-68670: a pre-auth RCE in the xrdp server component. Project maintainers promptly patched the vulnerability. https://t.co/5GsFvnel4j https://t
@shah_sheikh
8 May 2026
229 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68670: discovering an RCE vulnerability in xrdp https://t.co/jHnh2jMCd9
@TheCyberSecHub
8 May 2026
526 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Advisory: Critical buffer overflow vulnerability (CVE-2025-68670) identified in xrdp implementation for #SUSE Linux distributions. Read more: 👉 https://t.co/fOSEUjRmY8 #Security https://t.co/7JOOubdv35
@Cezar_H_Linux
9 Feb 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Security Alert for Linux Administrators! 🚨 #Fedora 43 systems using xrdp for remote access contain a severe vulnerability (CVE-2025-68670) allowing unauthenticated remote code execution. Read more: 👉 https://t.co/Qq8a3h9OUI #Security https://t.co/2X3RUOR4lL
@Cezar_H_Linux
8 Feb 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: Fedora admins - Patch xorgxrdp now! CVE-2025-68670 = critical RCE via stack buffer overflow. Affects xrdp servers on #Fedora 43. Read more: 👉https://t.co/cFhWjRbjK2 #Security https://t.co/DPeRas7ZzL
@Cezar_H_Linux
8 Feb 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fedora 43 users warned of critical xrdp bug CVE-2025-68670, a stack-based buffer overflow fixed in xrdp 0.10.5 released Jan 27 2026. Update xrdp and xorgxrdp packages promptly. #LinuxSecurity https://t.co/T9cu3gV8ed
@threatcluster
8 Feb 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Just published: Deep technical analysis of CVE-2025-68670, the critical libpainter0 vulnerability affecting #openSUSE Tumbleweed with CVSS scores reaching 9.2. Read more: 👉 https://t.co/I8Zc3ZSzDm #Security https://t.co/ELdaZ8deGK
@Cezar_H_Linux
5 Feb 2026
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
xrdp contains a Stack-based Buffer Overflow (CVE-2025-68670) due to improper domain string length checks. This may lead to remote code execution. Update to mitigate. #xrdp #infosec #CVE https://t.co/hTHgPiJ9oa
@pulsepatchio
29 Jan 2026
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
xrdp versions before 0.10.5 are affected by an unauthenticated stack-based buffer overflow (CVE-2025-68670). Update to remediate this #xrdp #vulnerability. More info: https://t.co/NkOHGnaLf5
@pulsepatchio
28 Jan 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
xrdp is vulnerable to a Stack-based Buffer Overflow (CVE-2025-68670) from improper domain string length checks. Update to mitigate. #xrdp #infosec #Vulnerability https://t.co/hTHgPiJHdI
@pulsepatchio
28 Jan 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-68670: CRITICAL] URGENT: xrdp RDP server prior to v0.10.5 has an unauthenticated buffer overflow issue! Attackers can remote execute! Update to v0.10.5 now to patch this vulnerability. #cve,CVE-2025-68670,#cybersecurity https://t.co/tzy3lLVsKW
@CveFindCom
27 Jan 2026
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-68670 - Critical xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing... https://t.co/ZTUTTVx2Dl https://t.co/XDCJh9MpBi
@TheHackerWire
27 Jan 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68670 xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds che… https://t.co/0Cbu57iy1D
@CVEnew
27 Jan 2026
113 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "EF7BFA59-F9D6-4B4F-8CB7-137054E9C030",
            "versionEndExcluding": "0.10.5",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]