CVE-2025-32428
Published Apr 15, 2025
Last updated 2 days ago
AI description
CVE-2025-32428 is a security vulnerability found in Jupyter Remote Desktop Proxy, a Jupyter extension that allows users to run a Linux desktop within a Jupyter notebook. The vulnerability occurs when the extension is used with TigerVNC. The problem is that when configured with TigerVNC, the VNC server inadvertently opens a TCP network port, allowing external network access, even though it was intended to be restricted to a UNIX socket accessible only to the current user. This vulnerability does not affect users who use TurboVNC.
- Description: Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy was still accessible via the network. This vulnerability does not affect users having TurboVNC as the vncserver executable. This issue is fixed in 3.0.1.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 9
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: CRITICAL
- security-advisories@github.com: CWE-668
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
🚨 CVE-2025-32428 ⚠️🔴 CRITICAL (9) 🏢 jupyterhub - jupyter-remote-desktop-proxy 🏗️ >= 3.0.0, < 3.0.1 🔗 https://t.co/J8Wmh07Du4 🔗 https://t.co/T3Z6kTLuZe #CyberCron #VulnAlert #InfoSec https://t.co/T3qQIPgCBP
@cybercronai
16 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-32428: CRITICAL] Jupyter Remote Desktop Proxy had a vulnerability allowing VNC server access via the network. Users should update to version 3.0.1 to address this security issue. #cybersecurity, #vulnerability https://t.co/CWFp0l3inV https://t.co/Z4r2Pc89FZ
@CveFindCom
15 Apr 2025
51 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-32428 Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the cu… https://t.co/AMmID9xn8f
@CVEnew
14 Apr 2025
687 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
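A critical vulnerability in Jupyter Remote Desktop Proxy, an extension for Jupyter notebook. CVE-2025-32428 has a CVSSv4 score of 9.0 and improperly exposes the VNC service on the network when used in combination with TigerVNC. Use in combination with TurboVNC is unaffected. https://t.co/Ly4EpDObHV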
@__kokumoto
14 Apr 2025
952 Impressions
4 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-32428: Jupyter Remote Desktop Proxy Exposes TigerVNC to Network Access https://t.co/82OaqfB2VN
@freedomhack101
14 Apr 2025
22 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-32428: Jupyter Remote Desktop Proxy Exposes TigerVNC to Network Access A vulnerability in Jupyter's remote desktop proxy allows unauthorized network access to TigerVNC, risking system compromise. Patch promptly. https://t.co/5Bi5q339UW #Cybersecurity #Vulnerability
@adriananglin
14 Apr 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-32428: Jupyter Remote Desktop Proxy Exposes TigerVNC to Network Access https://t.co/3zxO42b2Zy
@Dinosn
14 Apr 2025
3830 Impressions
24 Retweets
79 Likes
19 Bookmarks
2 Replies
0 Quotes