How to fix CVE-2025-68670?

Within 24 hours: Identify all systems running xrdp and assess exposure to untrusted networks; isolate critical instances if patching cannot be completed immediately. Within 7 days: Apply vendor patch v0.10.5 or later to all xrdp deployments. Within 30 days: Conduct vulnerability scan to verify patch deployment; review access logs for exploitation attempts.

Is Stack Overflow affected by CVE-2025-68670?

A critical unauthenticated remote code execution vulnerability exists in xrdp (CVE-2025-68670, CVSS 9.1) that allows attackers to compromise systems without credentials.

CVE-2025-68670

CRITICAL

2026-01-27 [email protected]

9.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

Patch Released

Feb 06, 2026 - 19:59 nvd

Patch available

CVE Published

Jan 27, 2026 - 16:16 nvd

CRITICAL 9.1

Description

xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target system. The vulnerability allows an attacker to overwrite the stack buffer and the return address, which could theoretically be used to redirect the execution flow. The impact of this vulnerability is lessened if a compiler flag has been used to build the xrdp executable with stack canary protection. If this is the case, a second vulnerability would need to be used to leak the stack canary value. Upgrade to version 0.10.5 to receive a patch. Additionally, do not rely on stack canary protection on production systems.

Analysis

xrdp open-source RDP server before v0.10.5 has an unauthenticated stack buffer overflow enabling remote code execution.

Technical Context

xrdp < v0.10.5 has a CWE-121 unauthenticated stack-based buffer overflow. xrdp is the primary open-source RDP server for Linux systems.

Affected Products

['xrdp < v0.10.5']

Remediation

Update xrdp to v0.10.5+.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +46

POC: 0

Vendor Status

CVE-2025-68670 vulnerability details – vuln.today

Back

CVE-2025-68670

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-68670

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code