Kaspersky researchers discovered CVE-2025-68670, a pre-authentication Remote Code Execution (RCE) vulnerability in the xrdp server for Linux. The flaw stems from a stack buffer overflow in the xrdpwmparsedomaininformation function when processing specially crafted domain names during the Secure Settings Exchange phase, allowing an attacker to overwrite the return address and execute arbitrary code.