Vulnerability in Remote Access Software from RealVNC (CVE-2022-41975)

During research, cirosec found a vulnerability in the remote access software from RealVNC.

RealVNC’s remote access and support solution Connect allows accessing and managing devices from anywhere. To access a device, the VNC Viewer software establishes a connection to the VNC server application, which is installed on the system that is to be managed.

The vulnerability identified is located in the Windows installation packages of VNC Viewer and VNC Server and was immediately reported to the manufacturer.

Local Privilege Escalation

The repair feature in the corresponding Windows installer for VNC Viewer and VNC Server can be used by an unprivileged attacker to cause insecure operations. Skillfully redirecting these operations allows an attacker to obtain system privileges.

The vulnerability in the two installation packages was summarized under the reference CVE-2022-41975. [1]

CVSS Score
7.8 (CVSS v3) –

CVSS Vector String

Affected Versions
RealVNC VNC Server, version 5.1.0 to 6.10.1
RealVNC VNC Viewer, version 5.1.0 to 6.22.515

The vulnerability can be fixed by updating to VNC Server version 6.11 and VNC Viewer version 6.22.826.


Jan-Luca Gruber (cirosec GmbH)


Do you want to protect your systems? Get in touch with us.