Vulnerability Details CVE-2022-25226
ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.771
EPSS Ranking 98.9%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 7.5
References