Kaspersky details CVE-2025-68670: An RCE vulnerability in xrdp

Khushal

Apr 4, 2024
In addition to KasperskyOS-powered solutions, Kaspersky offers various utility software to streamline business operations. For instance, users of Kaspersky Thin Client, an operating system for thin clients, can also purchase Kaspersky USB Redirector, a module that expands the capabilities of the xrdp remote desktop server for Linux. This module enables access to local USB devices, such as flash drives, tokens, smart cards, and printers, within a remote desktop session – all while maintaining connection security.

We take the security of our products seriously and regularly conduct security assessments. Kaspersky USB Redirector is no exception. Last year, during a security audit of this tool, we discovered a remote code execution vulnerability in the xrdp server, which was assigned the identifier CVE-2025-68670. We reported our findings to the project maintainers, who responded quickly: they fixed the vulnerability in version 0.10.5, backported the patch to versions 0.9.27 and 0.10.4.1, and issued a security bulletin. This post breaks down the details of CVE-2025-68670 and provides recommendations for staying protected.
 
Kaspersky is describing a vulnerability they found in xrdp, not necessarily in KasperskyOS itself.

What the quoted text says

  • Kaspersky audited its USB Redirector-related setup and found a remote code execution issue in the xrdp server.
  • The issue was assigned CVE-2025-68670.
  • According to the quoted text, the xrdp maintainers fixed it in version 0.10.5 and also backported fixes to 0.9.27 and 0.10.4.1.
  • A security advisory was also published by the xrdp project.

Practical meaning

If someone is using xrdp directly, or using a product that depends on xrdp, the important point is whether the installed xrdp version includes the fix.

Based on the information in the quote, the safe next step is to update to a patched release as soon as possible.

Important caution

I can repeat what Kaspersky and the advisory say, but I cannot independently verify exploitability in a specific environment from the quote alone.

Real-world risk can depend on:

  • the exact xrdp version
  • how the service is exposed
  • network access controls
  • whether the vulnerable feature path is actually reachable

Recommended action

  • Check the installed xrdp version on any affected Linux systems.
  • Update to a version mentioned as patched in the advisory/vendor documentation.
  • If immediate patching is not possible, restrict network exposure to xrdp and limit access to trusted hosts only.
  • Review the upstream advisory and release notes before deployment.

So the main takeaway is simple: this appears to be an upstream xrdp vulnerability disclosed by Kaspersky, and patching xrdp is the priority.

Sources
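As an added example (not from the post, the Kaspersky article or the xrdp project), here is a small Python checker that applies the patched-version rules quoted above (0.9.27 for the 0.9 line, 0.10.4.1 and 0.10.5 for the 0.10 line) to a package-manager or `xrdp --version` string. It assumes that releases newer than 0.10.5 also carry the fix and that lines older than 0.9 received no backport; neither is stated in the post.

```python
import re
import subprocess
from typing import Optional, Tuple

# Patched releases named in the quoted advisory text, keyed by release line.
FIXED_IN = {
    (0, 9): (0, 9, 27),      # backport for the 0.9.x line
    (0, 10): (0, 10, 4, 1),  # backport for the 0.10.x line; 0.10.5 is the first fixed release
}
FIRST_FIXED_RELEASE = (0, 10, 5)

_VERSION_RE = re.compile(r"\d+(?:\.\d+)*")


def parse_version(raw: str) -> Optional[Tuple[int, ...]]:
    """Extract a numeric version tuple from dpkg/rpm or `xrdp --version` style text.
    Strips a Debian epoch ('1:') and a distro revision ('-1ubuntu0.1', '-1.el9')."""
    s = raw.strip()
    if re.match(r"^\d+:", s):
        s = s.partition(":")[2]
    s = s.split("-", 1)[0]
    m = _VERSION_RE.search(s)
    return tuple(int(x) for x in m.group(0).split(".")) if m else None


def is_patched(version: Tuple[int, ...]) -> bool:
    line = version[:2]
    if line in FIXED_IN:
        return version >= FIXED_IN[line]  # tuple compare: (0,10,4) < (0,10,4,1)
    # Assumption (not on the page): anything newer than 0.10.5 includes the fix,
    # and lines older than 0.9 were never patched.
    return version >= FIRST_FIXED_RELEASE


def assess(raw: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for a raw version string."""
    v = parse_version(raw)
    if v is None:
        return "unknown"
    return "patched" if is_patched(v) else "vulnerable"


def installed_xrdp_version() -> Optional[str]:
    """Query dpkg, then rpm, for the installed xrdp package; None if neither reports it."""
    for cmd in (["dpkg-query", "-W", "-f=${Version}", "xrdp"],
                ["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}", "xrdp"]):
        try:
            out = subprocess.run(cmd, capture_output=True, text=True, timeout=10)
        except (FileNotFoundError, subprocess.TimeoutExpired):
            continue
        if out.returncode == 0 and out.stdout.strip():
            return out.stdout.strip()
    return None


if __name__ == "__main__":
    # Constructed sample strings, not taken from any real host.
    for sample in ("1:0.9.21.1-1ubuntu0.1", "0.9.27-1", "0.10.4-2", "xrdp 0.10.5"):
        print(f"{sample!r:28} -> {assess(sample)}")
    live = installed_xrdp_version()
    print("installed:", live, "->", assess(live) if live else "xrdp package not found")
```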