Remote Desktop Access Vulnerability in Jupyter Remote Desktop Proxy by Jupyterhub
CVE-2025-32428

CVSS v4 score: 9 (CRITICAL)

Key Information:

Vendor: Jupyterhub
CVE Published: 15 April 2025

What is CVE-2025-32428?

CVE-2025-32428 is a vulnerability found within the Jupyter Remote Desktop Proxy, a tool designed to facilitate the use of a Linux desktop environment on a JupyterHub instance. This software enables users to interact with Jupyter-based applications in a more familiar desktop interface. However, the vulnerability allows unauthorized access to the VNC server set up by the proxy, exposing sensitive data and potentially allowing remote manipulation of the desktop session. Organizations relying on this setup for data analysis or development may face significant operational risks due to unauthorized access to their environments.

Technical Details

CVE-2025-32428 arises from a misconfiguration in the Jupyter Remote Desktop Proxy. The proxy was intended to reach the VNC server over a UNIX socket accessible only to the current user, but when TigerVNC was the VNC server in use, the VNC server was instead reachable over the network. Deployments using TurboVNC are not affected. The flaw is present in version 3.0.0 and was fixed in version 3.0.1.
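A defender-side check for the condition described above, added here as an example and not code from the jupyter-remote-desktop-proxy project: it parses `ss -tlnp` output and flags TCP listeners owned by VNC-like processes (TigerVNC's usual binary names are Xtigervnc and Xvnc), separating loopback-only listeners from ones bound to a network-reachable address. The SAMPLE text, PIDs and ports are constructed for illustration.

```python
"""Detect VNC servers listening on TCP instead of a per-user UNIX socket.

For CVE-2025-32428 the proxy was meant to talk to the VNC server over a UNIX
socket, but with TigerVNC the server listened on the network. This parses the
output of `ss -tlnp` (TCP listeners plus owning process) and reports listeners
owned by VNC-like processes. SAMPLE below is constructed; PIDs/ports are made up.
"""
import re
import subprocess

# Matches the process annotation ss prints, e.g. users:(("Xtigervnc",pid=2345,fd=8))
PROCESS_RE = re.compile(r'users:\(\("(?P<name>[^"]*vnc[^"]*)",pid=(?P<pid>\d+)', re.IGNORECASE)

SAMPLE = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:8888    0.0.0.0:*         users:(("jupyter-server",pid=2001,fd=6))
LISTEN 0      5      0.0.0.0:5901      0.0.0.0:*         users:(("Xtigervnc",pid=2345,fd=8))
LISTEN 0      5      127.0.0.1:5903    0.0.0.0:*         users:(("Xtigervnc",pid=2400,fd=8))
LISTEN 0      5      *:5902            *:*               users:(("Xvnc",pid=2399,fd=8))
"""

def tcp_vnc_listeners(ss_output):
    """Return (process, pid, local_address) for each LISTEN socket owned by a VNC-like process."""
    found = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header line or a non-listening socket
        m = PROCESS_RE.search(line)
        if m:
            found.append((m.group("name"), int(m.group("pid")), cols[3]))
    return found

def network_reachable(listeners):
    """Keep only listeners not bound to loopback; these are reachable from other hosts."""
    return [l for l in listeners
            if not (l[2].startswith("127.") or l[2].startswith("[::1]"))]

def scan_host():
    """Run ss on this machine (Linux with iproute2) and return network-reachable VNC listeners."""
    out = subprocess.run(["ss", "-tlnp"], capture_output=True, text=True, check=True).stdout
    return network_reachable(tcp_vnc_listeners(out))

if __name__ == "__main__":
    for name, pid, addr in network_reachable(tcp_vnc_listeners(SAMPLE)):
        print(f"VNC process {name} (pid {pid}) is listening on TCP {addr}")
```

On a shared multi-user host a loopback-bound VNC listener is still reachable by other local users, so the fixed behaviour to verify is a UNIX socket (`ss -xlnp`) rather than any TCP port.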

Potential impact of CVE-2025-32428

  1. Unauthorized Access: Attackers could potentially gain remote access to the Linux desktop environment, leading to unauthorized manipulation of files and applications, which increases the risk of data leakage.

  2. Data Breaches: Sensitive data displayed or processed on the desktop could be exposed to unauthorized users, resulting in significant confidentiality breaches and potential regulatory non-compliance.

  3. System Compromise: With access to the remote desktop, malicious actors could exploit vulnerabilities within applications running on the desktop environment, possibly leading to a broader compromise of the organization’s IT infrastructure.

Affected Version(s)

jupyter-remote-desktop-proxy >= 3.0.0, < 3.0.1

References

CVSS V4

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved