Researchers have uncovered a critical security flaw in Jupyter Remote Desktop Proxy, a widely used Jupyter extension that allows users to run graphical desktop environments like XFCE within a Jupyter notebook interface. Tracked as CVE-2025-32428 and assigned a CVSSv4 score of 9.0, the vulnerability arises when the extension is used with TigerVNC, inadvertently exposing VNC services over the network—contrary to its intended design.

‍