FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xrdp -- remote code execution

Affected packages
xrdp < 0.10.5

Details

VuXML ID 232e16cc-fd83-11f0-981a-98b78501ef2a
Discovery 2025-12-06
Entry 2026-01-27

Denis Skvortsov, Security Researcher at Kaspersky reports:

xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target system.

[source]

References

CVE Name CVE-2025-68670
URL https://www.cve.org/CVERecord?id=CVE-2025-68670

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.