CVE-2025-32428

CVSS v4.0

9.0

Critical

Vector

AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions jupyter-remote-desktop-proxy versions 3.0.0 through 3.0.0

Description The issue allows unauthorized network access to TigerVNC, risking system compromise, when jupyter-remote-desktop-proxy is used with TigerVNC. This vulnerability does not affect users having TurboVNC as the vncserver executable.

Recommendations Update to version 3.0.1 to address this security issue. As a temporary workaround, consider switching to TurboVNC to mitigate the risk of exploitation.

Exploit

Fix

Integer Overflow

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-668

Related Identifiers

BDU:2025-10399

CVE-2025-32428

GHSA-VRQ4-9HC3-CGP7

Affected Products

Tigervnc

Turbovnc

Jupyter-Remote-Desktop-Proxy

CVE-2025-32428

Weakness Enumeration

Related Identifiers

Affected Products

References · 20