CVE-2025-32428

216.73.217.22

· Published 15/04/2025 00:15 · Modified 15/04/2025 18:39

Labels: CVE-2025-32428 2025-04-15 CVE-2025-32428 CWE-668 [email protected]

Essential information

Published: 15/04/2025 00:15
Modified: 15/04/2025 18:39
Author: —
Creator: —
CVSS: 9.0 CRITICAL (v3) 9.0 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still accessible via the network. This vulnerability does not affect users having TurboVNC as the vncserver executable. This issue is fixed in 3.0.1.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
jupyter / jupyter remote desktop proxy	`cpe:2.3:a:jupyter:jupyter_remote_desktop_proxy:<3.0.1:::::::*`
jupyter / jupyter remote desktop proxy	`cpe:2.3:a:jupyter:jupyter_remote_desktop_proxy:3.0.1:::::::*`