CVE-2025-4478
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk33th percentile - higher than 33% of all known CVEs
Summary
A flaw was found in FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference.
Risk Assessment
An attacker can remotely crash the installation service, preventing system installation completion. A physical or remote reboot is required, leading to downtime and deployment delays.
Recommendation
Apply the available patch for FreeRDP in Anaconda or temporarily disable the remote install feature (RDP) until updated. Monitor for service crash logs.
Original NVD description (English source)
A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.

