PT-2025-16172 · Unknown+2 · Jupyter-Remote-Desktop-Proxy+2

Frejanordsiek

·

Publicado

2025-04-11

·

Atualizado

2025-04-16

·

CVE-2025-32428

CVSS v4.0

9.0

Crítica

VetorAV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions jupyter-remote-desktop-proxy versions 3.0.0 through 3.0.0
Description The issue allows unauthorized network access to TigerVNC, risking system compromise, when jupyter-remote-desktop-proxy is used with TigerVNC. This vulnerability does not affect users having TurboVNC as the vncserver executable.
Recommendations Update to version 3.0.1 to address this security issue. As a temporary workaround, consider switching to TurboVNC to mitigate the risk of exploitation.

Exploit

Correção

Integer Overflow

Exposure of Resource to Wrong Sphere

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190CWE-668

Identificadores relacionados

BDU:2025-10399
CVE-2025-32428
GHSA-VRQ4-9HC3-CGP7

Produtos afetados

Tigervnc
Turbovnc
Jupyter-Remote-Desktop-Proxy