What is the CVSS score of CVE-2025-68670?

CVE-2025-68670 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Debian Linux are affected by CVE-2025-68670?

A critical unauthenticated remote code execution vulnerability exists in xrdp (CVE-2025-68670, CVSS 9.1) that allows attackers to compromise systems without credentials.. A patch is available.

How to fix or mitigate CVE-2025-68670?

Within 24 hours: Identify all systems running xrdp and assess exposure to untrusted networks; isolate critical instances if patching cannot be completed immediately. Within 7 days: Apply vendor patch v0.10.5 or later to all xrdp deployments. Within 30 days: Conduct vulnerability scan to verify patch deployment; review access logs for exploitation attempts.

Debian Linux CVE-2025-68670

CRITICAL

Stack-based Buffer Overflow (CWE-121)

2026-01-27 security-advisories@github.com

Buffer Overflow Stack Overflow Debian Linux Xrdp Suse

9.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

Patch released

Feb 06, 2026 - 19:59 nvd

Patch available

CVE Published

Jan 27, 2026 - 16:16 nvd

CRITICAL 9.1

DescriptionNVD

xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target system. The vulnerability allows an attacker to overwrite the stack buffer and the return address, which could theoretically be used to redirect the execution flow. The impact of this vulnerability is lessened if a compiler flag has been used to build the xrdp executable with stack canary protection. If this is the case, a second vulnerability would need to be used to leak the stack canary value. Upgrade to version 0.10.5 to receive a patch. Additionally, do not rely on stack canary protection on production systems.

AnalysisAI

xrdp open-source RDP server before v0.10.5 has an unauthenticated stack buffer overflow enabling remote code execution.

Technical ContextAI

xrdp < v0.10.5 has a CWE-121 unauthenticated stack-based buffer overflow. xrdp is the primary open-source RDP server for Linux systems.

RemediationAI

Update xrdp to v0.10.5+.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2025-68670 vulnerability details – vuln.today

Back

Debian Linux CVE-2025-68670

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code