PT-2022-17165 · Thinvnc · Thinvnc

Oscar Uribe · Published 2022-04-18 · Updated 2023-08-08 · CVE-2022-25226

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ThinVNC version 1.0b1

Description: The issue allows an unauthenticated user to bypass the authentication process: a request to 'http://thin-vnc:8080/cmd?cmd=connect' returns a valid SID without any kind of authentication. With that session identifier, an attacker can send keyboard or mouse events to the server, which can lead to code execution on it.

Recommendations: For ThinVNC version 1.0b1, as a temporary workaround, consider disabling access to the 'http://thin-vnc:8080/cmd?cmd=connect' endpoint until a patch is available. Restrict the ability to send keyboard or mouse events to the server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers: CVE-2022-25226

Affected Products: Thinvnc