CVE-2025-58435
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-11

Assigner: GitHub, Inc.

Description
Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password when TurboVNC was higher than version 3.1.2. The likelihood of exploitation is low as a user would need to share their link to an active desktop session and the other user would need to be authenticated to the portal. But obtaining the link would allow that user to perform any actions as the original user and access their data. Open OnDemand 3.1.15 and 4.0.7 have patched this vulnerability and correctly rotate passwords for any version of TurboVNC. As a workaround, downgrade TurboVNC to a version lower than 3.1.2.
Meta Information
Generated: 2026-06-16
EPSS evaluated: 2026-06-15 (no EPSS probability or percentile was available for this record)
Affected Vendors & Products
Showing 3 associated CPEs
Vendor      Product     Version / Range
turbo_vnc   turbo_vnc   3.1.2
ondemand    ondemand    4.0.6 (last affected 4.0.x release; fixed in 4.0.7)
ondemand    ondemand    3.1.14 (last affected 3.1.x release; fixed in 3.1.15)
CWE
CWE-262: The product does not have a mechanism in place for managing password aging.
Executive Summary

This vulnerability in Open OnDemand exists because noVNC interactive applications did not rotate the VNC password when the session was running under TurboVNC at versions higher than 3.1.2. Rotation is what makes an old connection link stop working; without it the same password stays valid for the life of the desktop session, so any other authenticated portal user who obtains the link can connect and perform any action as the original user and access their data. [1]

Impact Analysis

If exploited, this vulnerability allows an authenticated user who obtains a shared session link to act as the original user, performing any actions and accessing their data within the Open OnDemand portal. This could lead to unauthorized data access and potential misuse of the original user's privileges. However, the likelihood of exploitation is low because the attacker must both receive the session link and be authenticated to the portal. [1]

Detection Guidance

Detection starts with inventory: find every Open OnDemand host running a version prior to 3.1.15 (3.1.x line) or 4.0.7 (4.0.x line) where the compute nodes serving noVNC sessions run TurboVNC 3.1.2 or later (the advisory says "higher than 3.1.2", but 3.1.2 itself is listed as an affected CPE and the workaround is to go below 3.1.2, so treat 3.1.2 as affected). Read the Open OnDemand version from the installed package (for example rpm -q ondemand or dpkg -s ondemand) rather than from a CLI flag; the TurboVNC version is reported by its Xorg-based server binary (for example /opt/TurboVNC/bin/Xvnc -version) or by the turbovnc package. For evidence of abuse, correlate the portal web server's access log, which records the authenticated username, against the noVNC/websockify proxy path of each desktop session: the same session path being reached by two different usernames is the signature of a shared link being used. [1]
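The two checks above, written out as an added example that is not part of the page or of the Open OnDemand project: a version-based exposure decision for the affected version lines, and a scan of access-log lines for a session's noVNC websocket path being used by more than one authenticated user. The log lines are constructed, the Apache combined format with the user in the third field is an assumption about the portal's logging, and the /rnode/<host>/<port>/websockify path shape is an assumption about how the portal proxies noVNC; adjust the regular expressions to the real log.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Apache "combined" format, authenticated
# portal user in the third field). The /rnode/<host>/<port>/websockify path
# shape is an assumption; it is only used to identify one desktop session.
SAMPLE_LOG = """\
10.0.0.5 - alice [09/Sep/2025:10:01:02 +0000] "GET /rnode/node042/5901/websockify HTTP/1.1" 101 0 "-" "Mozilla/5.0"
10.0.0.5 - alice [09/Sep/2025:10:05:17 +0000] "GET /rnode/node042/5901/websockify HTTP/1.1" 101 0 "-" "Mozilla/5.0"
10.0.0.9 - bob [09/Sep/2025:10:07:44 +0000] "GET /rnode/node042/5901/websockify HTTP/1.1" 101 0 "-" "Mozilla/5.0"
10.0.0.7 - carol [09/Sep/2025:10:09:00 +0000] "GET /rnode/node017/5902/websockify HTTP/1.1" 101 0 "-" "Mozilla/5.0"
10.0.0.9 - bob [09/Sep/2025:10:10:30 +0000] "GET /pun/sys/dashboard/batch_connect/sessions HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d+)'
)
# One desktop session == one (host, port) pair behind the websockify proxy.
SESSION_RE = re.compile(r'^/rnode/(?P<host>[^/]+)/(?P<port>\d+)/websockify$')


def parse_version(text):
    """Turn '3.1.2', 'v4.0.6' or '3.1.2-1.el8' into a comparable tuple of ints."""
    m = re.match(r'v?(\d+(?:\.\d+)*)', text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(x) for x in m.group(1).split("."))


def ood_is_patched(ood_version):
    """True for 3.1.15+ on the 3.1.x line and 4.0.7+ on the 4.0.x line.

    Anything at or above 4.0.7 is treated as patched; that covers later lines
    the advisory does not mention (an assumption, not a statement from it).
    """
    v = parse_version(ood_version)
    return v >= (4, 0, 7) or (3, 1, 15) <= v < (4, 0, 0)


def turbovnc_affected(turbovnc_version):
    # The advisory says "higher than 3.1.2" but lists 3.1.2 as an affected CPE
    # and recommends downgrading below 3.1.2, so 3.1.2 and later count as affected.
    return parse_version(turbovnc_version) >= (3, 1, 2)


def assess_exposure(ood_version, turbovnc_version):
    """Return (exposed, reason) for one portal / TurboVNC version pair."""
    if ood_is_patched(ood_version):
        return False, "Open OnDemand is patched; password rotates for any TurboVNC"
    if not turbovnc_affected(turbovnc_version):
        return False, "TurboVNC below 3.1.2; rotation works on this unpatched portal"
    return True, "unpatched Open OnDemand with TurboVNC 3.1.2+; upgrade or downgrade TurboVNC"


def find_shared_sessions(log_text):
    """Map each session (host, port) to the sorted list of distinct users that
    opened its websocket, keeping only sessions touched by more than one user."""
    users_by_session = defaultdict(set)
    for line in log_text.splitlines():
        rec = LOG_RE.match(line)
        if rec is None or rec["user"] == "-":
            continue
        sess = SESSION_RE.match(rec["path"])
        if sess is None:
            continue
        users_by_session[(sess["host"], sess["port"])].add(rec["user"])
    return {k: sorted(v) for k, v in users_by_session.items() if len(v) > 1}


if __name__ == "__main__":
    for pair in [("4.0.6", "3.1.2"), ("3.1.14", "3.1.1"), ("4.0.7", "3.1.3")]:
        print(pair, assess_exposure(*pair))
    for (host, port), users in find_shared_sessions(SAMPLE_LOG).items():
        print(f"session {host}:{port} opened by {', '.join(users)}")
```

A hit from find_shared_sessions is a lead, not proof: confirm from the session metadata that the second user is not the session owner before treating it as link abuse.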

Mitigation Strategies

The fix is to upgrade Open OnDemand to 3.1.15 or 4.0.7 (or later), which rotates the password correctly for any version of TurboVNC. Where that is not immediately possible, the advisory's workaround is to downgrade TurboVNC on the nodes serving noVNC sessions to a version lower than 3.1.2. In either case, treat an active desktop session link as a credential: tell users not to share it, and keep portal access limited to trusted authenticated users, since an authenticated account is the only other thing an attacker needs. [1]
