| Package | xrdp |
|---|---|
| Version | 0.9.9-1+deb10u5 (buster) |
| Related CVEs | CVE-2025-68670 |

xrdp is an open source RDP server. It was found that xrdp contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target system.

For Debian 10 buster, this problem has been fixed in version 0.9.9-1+deb10u5.

We recommend that you upgrade your xrdp packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.