CVE-2025-4478: Gnome-remote-desktop: freerdp: unauthenticated rdp packet causes segfault in freerdp leading to denial of service
A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.
Security readout for executives and security teams
Plain-English summary
This flaw can crash the FreeRDP service used during Red Hat Anaconda remote installation. An unauthenticated crafted RDP packet may cause a denial of service before boot, leaving the service defunct until reboot. The business impact is installation disruption, not data theft or code execution based on the provided sources.
Executive priority
Treat as a moderate availability risk for build, provisioning, and installation workflows. Prioritize patching affected RHEL 10 installer environments, especially where remote install services are reachable from shared or untrusted networks.
Technical view
CVE-2025-4478 is a likely NULL pointer dereference in FreeRDP, mapped to CWE-476. Red Hat rates it medium with CVSS 6.5. The described impact is availability-only: a segmentation fault in the pre-boot remote install path requiring reboot for recovery.
Likely exposure
Exposure appears concentrated in Red Hat Enterprise Linux 10 freerdp package 2:3.10.3-3.el10_0 and Anaconda remote install usage. The bundle lists RHEL 8 and RHEL 9 as unaffected. Evidence for broader affected products is incomplete.
Exploitation context
The source bundle does not show CISA KEV listing or active exploitation. The attack is described as network-reachable and unauthenticated, but CVSS includes user interaction required, so practical exposure likely depends on remote installation state and service accessibility.
Researcher notes
The record describes denial of service only, not confidentiality, integrity, or code execution impact. The affected scope is specific in Red Hat data, but upstream breadth is unclear from the bundle. Avoid claiming active exploitation without new evidence.
Mitigation direction
Apply Red Hat fixes from RHSA-2025:9307 for affected RHEL 10 systems.
Follow Red Hat CVE guidance for any additional vendor-specific remediation.
Restrict RDP remote install access to trusted networks during installation windows.
Reboot affected pre-boot systems if the service becomes defunct after a crash.
Validation and detection
Inventory RHEL 10 systems with the freerdp package installed.
Check whether Anaconda remote install using RDP is enabled or reachable.
Confirm RHEL 8 and RHEL 9 assets are not incorrectly flagged as affected.
Verify installed freerdp builds against Red Hat advisory RHSA-2025:9307.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-476: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-476 · source CWE mapping
NULL Pointer Dereference
NULL Pointer Dereference represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.