Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2025-986166)

Severity: High, Nessus Plugin ID 268764

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986166 advisory.

FreeRDP is a free remote desktop protocol library and clients. All FreeRDP-based clients, when using the `/video` command line switch, might read uninitialized data, decode it as audio/video and display the result. FreeRDP-based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade, do not use the `/video` switch.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected freerdp package.

See Also

http://www.nessus.org/u?5ed17937

https://gitee.com/src-openeuler/freerdp/issues/I5VGTP

https://nvd.nist.gov/vuln/detail/CVE-2022-39283

Plugin Details

Severity: High

ID: 268764

File Name: unity_linux_UTSA-2025-986166.nasl

Version: 1.2

Type: local

Published: 10/7/2025

Updated: 10/10/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2022-39283

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/UOS-Server/release, Host/UOS-Server/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/9/2025

Vulnerability Publication Date: 10/12/2022

Reference Information

CVE: CVE-2022-39283