CVE-2025-4478
published 2025-05-16

Medium 6.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | freerdp2 | < freerdp3 3.15.0+dfsg-2.1 (forky) | freerdp3 3.15.0+dfsg-2.1 (forky) |
| debian | freerdp3 | < freerdp3 3.15.0+dfsg-2.1 (forky) | freerdp3 3.15.0+dfsg-2.1 (forky) |
| freerdp | freerdp | >= 3.0.0 < 3.16.0 | 3.16.0 |
| redhat | enterprise_linux | | |

CVSS provenance

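| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| osv | | 6.5 | MEDIUM | |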