Critical severity · OSV Advisory · Published Apr 15, 2025 · Updated Apr 15, 2026
CVE-2025-32428
Description
Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. Since version 3.0.0, jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy was still accessible via the network. This vulnerability does not affect users who have TurboVNC as the vncserver executable. This issue is fixed in 3.0.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| jupyter-remote-desktop-proxy (PyPI) | >= 3.0.0, < 3.0.1 | 3.0.1 |
Affected products
- Range: v3.0.0
References
- github.com/advisories/GHSA-vrq4-9hc3-cgp7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-32428 (ghsa, ADVISORY)
- github.com/jupyterhub/jupyter-remote-desktop-proxy/commit/7dd54c25a4253badd8ea68895437e5a66a59090d (nvd, WEB)
- github.com/jupyterhub/jupyter-remote-desktop-proxy/security/advisories/GHSA-vrq4-9hc3-cgp7 (nvd, WEB)