CVE-2025-27458

Name of the Vulnerable Software and Affected Versions: VNC (affected versions not specified)

Description: The issue concerns the VNC authentication mechanism, which uses a challenge-response system. This system relies on both the server and client using the same password for encryption. An attacker can exploit this by obtaining the challenge and response, as all VNC communication is unencrypted, and then attempt to derive the password from this information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.