CVE-2025-68670

Published Jan 27, 2026

Last updated 3 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-68670 is identified as an unauthenticated stack-based buffer overflow vulnerability affecting xrdp, an open-source Remote Desktop Protocol (RDP) server. This flaw is present in xrdp versions prior to v0.10.5. The vulnerability arises from inadequate bounds checking when the xrdp server processes user domain information during the initial RDP connection sequence. This improper handling allows remote attackers to potentially overwrite stack buffers and return addresses, which could lead to the execution of arbitrary code on affected systems without requiring any authentication. A patch for this issue is available in xrdp version 0.10.5 and later.

Description
xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target system. The vulnerability allows an attacker to overwrite the stack buffer and the return address, which could theoretically be used to redirect the execution flow. The impact of this vulnerability is lessened if a compiler flag has been used to build the xrdp executable with stack canary protection. If this is the case, a second vulnerability would need to be used to leak the stack canary value. Upgrade to version 0.10.5 to receive a patch. Additionally, do not rely on stack canary protection on production systems.
Source: security-advisories@github.com
NVD status: Analyzed
Products: xrdp, debian_linux
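
The bug class in the description, as an added illustration that is not xrdp's code: a length-prefixed UTF-16LE domain field copied into a fixed stack buffer, with the bounds checks whose absence produces a CWE-121 overflow. The wire format, the 32-byte buffer size and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DOMAIN_MAX 32 /* assumed size of the fixed stack buffer */

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_ODD_LENGTH = -2,
       PARSE_TOO_LONG = -3 };

/* Assumed wire format (illustrative only): 2-byte little-endian byte count,
 * then that many bytes of UTF-16LE text. Writes a NUL-terminated string to
 * out; code units outside printable ASCII become '?' to keep this short. */
int parse_domain(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_cap)
{
    if (pkt_len < 2)
        return PARSE_TRUNCATED;
    size_t cb = (size_t)pkt[0] | ((size_t)pkt[1] << 8); /* peer-controlled */
    if (cb > pkt_len - 2)
        return PARSE_TRUNCATED;  /* claims more bytes than were received */
    if (cb % 2 != 0)
        return PARSE_ODD_LENGTH; /* not a whole number of UTF-16 units */
    size_t chars = cb / 2;
    if (out_cap == 0 || chars > out_cap - 1)
        return PARSE_TOO_LONG;   /* without this check the loop below would
                                    write past out: the CWE-121 condition */
    for (size_t i = 0; i < chars; i++) {
        unsigned u = pkt[2 + 2 * i] | ((unsigned)pkt[3 + 2 * i] << 8);
        out[i] = (u >= 0x20 && u < 0x7f) ? (char)u : '?';
    }
    out[chars] = '\0';
    return PARSE_OK;
}

/* Caller that owns the fixed stack buffer and rejects oversized input. */
int domain_is_accepted(const uint8_t *pkt, size_t pkt_len)
{
    char domain[DOMAIN_MAX];
    return parse_domain(pkt, pkt_len, domain, sizeof domain) == PARSE_OK;
}

int main(void)
{
    /* Constructed inputs: "CORP" (8 bytes), and a 200-byte claimed length. */
    const uint8_t ok[] = {8, 0, 'C', 0, 'O', 0, 'R', 0, 'P', 0};
    uint8_t big[2 + 200] = {200, 0};
    printf("ok=%d big=%d\n", domain_is_accepted(ok, sizeof ok),
           domain_is_accepted(big, sizeof big));
    return 0;
}
```

The length is validated against both the bytes actually received and the destination capacity before any write, so rejection does not depend on a stack canary being present.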

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security-advisories@github.com: CWE-121
nvd@nist.gov: CWE-787

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 6

  1. NEW THREAT INTEL: CVE-2025-68670 - Pre-auth RCE in xrdp <v0.10.5 via Client Info PDU buffer overflow. 9 detections, 18 IOCs. https://t.co/nK1GjXCRDG #ThreatIntel #xrdp #RCE https://t.co/HsSnq5jX9X

    @threadlinqs, 8 May 2026
    95 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  2. In xrdp, a remote desktop server for Linux using the RDP protocol, our experts discovered the vulnerability CVE-2025-68670: a buffer overflow could have led to rem

    @e_kaspersky_ru, 8 May 2026
    238 Impressions, 2 Retweets, 3 Likes, 1 Bookmark, 0 Replies, 0 Quotes

  3. Discovery of a remote command execution vulnerability in xrdp under the identifier CVE-2025-68670. Discovering a remote code execution vulnerability in xrdp, identified as CVE-2025-68670. This highlights the importance of regular security audits for open-source software. https:

    @fad_777, 8 May 2026
    102 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  4. Critical RCE flaw in xrdp remote desktop server allows unauthenticated attackers to execute arbitrary code via crafted UTF-16 domain names that trigger stack buffer overflow. Key technical details: • CVE-2025-68670 (CVSS not specified) affects xrdp versions prior to 0.10.5, ht

    @DFIR_Radar, 8 May 2026
    325 Impressions, 1 Retweet, 1 Like, 0 Bookmarks, 1 Reply, 0 Quotes

  5. CVE-2025-68670: an RCE vulnerability in the xrdp server | Securelist https://t.co/A6uwqT03UG

    @VivekIntel, 8 May 2026
    537 Impressions, 3 Retweets, 6 Likes, 2 Bookmarks, 0 Replies, 0 Quotes

  6. CVE-2025-68670: discovering an RCE vulnerability in xrdp https://t.co/yYk6QtbXlF

    @Dinosn, 8 May 2026
    1157 Impressions, 5 Retweets, 9 Likes, 4 Bookmarks, 0 Replies, 0 Quotes

  7. CVE-2025-68670: discovering an RCE vulnerability in xrdp: During a security assessment of Kaspersky USB Redirector, we discovered CVE-2025-68670: a pre-auth RCE in the xrdp server component. Project maintainers promptly patched the vulnerability. https://t.co/5GsFvnel4j https://t

    @shah_sheikh, 8 May 2026
    146 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  8. CVE-2025-68670: discovering an RCE vulnerability in xrdp https://t.co/jHnh2jMCd9

    @TheCyberSecHub, 8 May 2026
    420 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  9. Security Advisory: Critical buffer overflow vulnerability (CVE-2025-68670) identified in xrdp implementation for #SUSE Linux distributions. Read more: 👉 https://t.co/fOSEUjRmY8 #Security https://t.co/7JOOubdv35

    @Cezar_H_Linux, 9 Feb 2026
    60 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  10. 🚨 Critical Security Alert for Linux Administrators! 🚨 #Fedora 43 systems using xrdp for remote access contain a severe vulnerability (CVE-2025-68670) allowing unauthenticated remote code execution. Read more: 👉 https://t.co/Qq8a3h9OUI #Security https://t.co/2X3RUOR4lL

    @Cezar_H_Linux, 8 Feb 2026
    52 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  11. URGENT: Fedora admins - Patch xorgxrdp now! CVE-2025-68670 = critical RCE via stack buffer overflow. Affects xrdp servers on #Fedora 43. Read more: 👉https://t.co/cFhWjRbjK2 #Security https://t.co/DPeRas7ZzL

    @Cezar_H_Linux, 8 Feb 2026
    60 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  12. Fedora 43 users warned of critical xrdp bug CVE-2025-68670, a stack-based buffer overflow fixed in xrdp 0.10.5 released Jan 27 2026. Update xrdp and xorgxrdp packages promptly. #LinuxSecurity https://t.co/T9cu3gV8ed

    @threatcluster, 8 Feb 2026
    38 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  13. Just published: Deep technical analysis of CVE-2025-68670, the critical libpainter0 vulnerability affecting #openSUSE Tumbleweed with CVSS scores reaching 9.2. Read more: 👉 https://t.co/I8Zc3ZSzDm #Security https://t.co/ELdaZ8deGK

    @Cezar_H_Linux, 5 Feb 2026
    72 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  14. xrdp contains a Stack-based Buffer Overflow (CVE-2025-68670) due to improper domain string length checks. This may lead to remote code execution. Update to mitigate. #xrdp #infosec #CVE https://t.co/hTHgPiJ9oa

    @pulsepatchio, 29 Jan 2026
    62 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  15. xrdp versions before 0.10.5 are affected by an unauthenticated stack-based buffer overflow (CVE-2025-68670). Update to remediate this #xrdp #vulnerability. More info: https://t.co/NkOHGnaLf5

    @pulsepatchio, 28 Jan 2026
    35 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  16. xrdp is vulnerable to a Stack-based Buffer Overflow (CVE-2025-68670) from improper domain string length checks. Update to mitigate. #xrdp #infosec #Vulnerability https://t.co/hTHgPiJHdI

    @pulsepatchio, 28 Jan 2026
    30 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  17. [CVE-2025-68670: CRITICAL] URGENT: xrdp RDP server prior v0.10.5 has an unauthenticated buffer overflow issue! Attackers can remote execute! Update to v0.10.5 now to patch this vulnerability.#cve,CVE-2025-68670,#cybersecurity https://t.co/tzy3lLVsKW

    @CveFindCom, 27 Jan 2026
    61 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  18. 🔴 CVE-2025-68670 - Critical xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing... https://t.co/ZTUTTVx2Dl https://t.co/XDCJh9MpBi

    @TheHackerWire, 27 Jan 2026
    52 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  19. CVE-2025-68670 xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds che… https://t.co/0Cbu57iy1D

    @CVEnew, 27 Jan 2026
    113 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

Configurations