CVE Catalog

CVE-2025-4478

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.42%

33th percentile - higher than 33% of all known CVEs

Summary

A flaw was found in FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference.

Risk Assessment

An attacker can remotely crash the installation service, preventing system installation completion. A physical or remote reboot is required, leading to downtime and deployment delays.

Recommendation

Apply the available patch for FreeRDP in Anaconda or temporarily disable the remote install feature (RDP) until updated. Monitor for service crash logs.

Original NVD description (English source)

A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS