CVE-2025-4478: 
Linux Debian vulnerability analysis and mitigation

A vulnerability was discovered in the gnome-remote-desktop component used by Anaconda's remote install feature. The vulnerability (CVE-2025-4478) was published on May 16, 2025, and affects multiple Linux distributions including Red Hat, Ubuntu, and Debian. The flaw allows an unauthenticated attacker to trigger a segmentation fault through crafted RDP packets, causing the service to crash and become defunct (NVD, Ubuntu).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) that occurs during the pre-boot phase. The issue has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H. The vulnerability specifically manifests when processing malformed RDP packets in the remote access functionality (NVD, Red Hat Bugzilla).

When exploited, this vulnerability results in a denial of service condition where the gnome-remote-desktop service crashes and remains in a defunct state. The impact is particularly severe as it occurs during the pre-boot phase, and system recovery requires a manual reboot (CVE, Debian).

Currently, the primary mitigation is to reboot the system when the service becomes defunct. The vulnerability affects multiple versions of the gnome-remote-desktop package across various distributions, including Debian Bullseye (0.1.9-5), Bookworm (43.3-1), Trixie (48.1-1), and Sid (48.1-2). As of the latest reports, the vulnerability remains unfixed in these versions (Debian).