Linuxsecurity
Critical xrdp Vulnerabilities Affecting Ubuntu Systems
Multiple vulnerabilities were identified in xrdp, an open-source RDP server, impacting Ubuntu 24.04 LTS. CVE-2025-68670 allows unauthenticated attackers to crash xrdp, leading to denial of service or arbitrary code execution. CVE-2024-39917 permits unlimited login attempts, while CVE-2023-42822 involves an out-of-bounds read caused by improper bounds checking. Additionally, CVE-2023-40184 allows bypassing OS-level session restrictions. The vulnerabilities were disclosed on 2026-06-25, with patches available for affected systems. Users are advised to update their xrdp installations promptly to mitigate these risks.
Key Points:
• xrdp vulnerabilities could lead to denial of service and arbitrary code execution.
• Ubuntu 24.04 LTS is specifically affected by these vulnerabilities.
• Immediate updates are recommended to secure systems against these threats.