CVE-2025-10635: 
WordPress vulnerability analysis and mitigation

CVE-2025-5024 is a vulnerability discovered in GNOME Remote Desktop, a remote desktop and screen sharing service for the GNOME desktop environment. The vulnerability was publicly disclosed on May 22, 2025, and affects the gnome-remote-desktop package. The issue allows an unauthenticated attacker to exploit uncontrolled resource consumption through malformed RDP PDUs (NVD CVE, Red Hat Advisory).

The vulnerability is classified as CWE-400 (Uncontrolled Resource Consumption) with a CVSS v3.1 base score of 7.4 (HIGH). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) but user interaction (UI:R). The scope is changed (S:C) with no impact on confidentiality (C:N) or integrity (I:N), but high impact on availability (A:H) (NVD CVE).

When gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. The vulnerability can lead to a resource leak after multiple attacks, preventing gnome-remote-desktop from opening files even after systemd restarts the service (NVD CVE).

Red Hat has released security updates to address this vulnerability. The fix is available through various Red Hat Enterprise Linux security advisories, including RHSA-2025:10635. Users are advised to update their gnome-remote-desktop packages to version 47.3-2.el10_0 (Red Hat Advisory).