CVE-2025-32428

GHSA-vrq4-9hc3-cgp7 CRITICAL
Published April 12, 2025

Summary: `jupyter-remote-desktop-proxy` was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| jupyter-remote-desktop-proxy | pip | = 3.0.0 | 3.0.1 |

Severity & Risk

CVSS 3.1: N/A
EPSS: 0.2% chance of exploitation in 30 days
KEV Status: Not in KEV
Sophistication: N/A

Recommended Action

Patch available

Update jupyter-remote-desktop-proxy to version 3.0.1

Technical Details

NVD Description

## Summary

`jupyter-remote-desktop-proxy` was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by `jupyter-remote-desktop-proxy` was still accessible via the network. This vulnerability does not affect users having TurboVNC as the `vncserver` executable.

## Credits

This vulnerability was identified by Arne Gottwald at University of Göttingen and analyzed, reported, and reviewed by @frejanordsiek.

Timeline

Published: April 12, 2025
Last Modified: April 15, 2025
First Seen: March 24, 2026