Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability in Microsoft Remote Desktop Client could allow attackers to execute arbitrary code on victim systems. 

The vulnerability, designated as CVE-2025-48817, affects multiple versions of Windows and poses significant security risks for organizations that rely on Remote Desktop Protocol (RDP) connections.

Key Takeaways
1. CVE-2025-48817 enables remote code execution via Microsoft Remote Desktop Client (CVSS 8.8).
2. Malicious RDP servers execute code on connecting clients through a path traversal vulnerability.
3. Affects all Windows versions from Server 2008 to Windows 11 24H2.
4. Microsoft released fixes July 8, 2025 - apply security updates immediately.

Microsoft Remote Desktop Client Vulnerability

CVE-2025-48817 represents a relative path traversal vulnerability combined with improper access control mechanisms within Microsoft’s Remote Desktop Client infrastructure. 

The vulnerability has been assigned a CVSS score of 8.8 for base metrics and 7.7 for temporal metrics, classifying it as “Important” severity. 

The technical classification identifies two primary weakness categories: CWE-23 (Relative Path Traversal) and CWE-284 (Improper Access Control).

The CVSS vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C indicates this is a network-based attack vector with low complexity requirements. 

Crucially, the vulnerability requires no privileges for exploitation but does necessitate user interaction. Upon successful exploitation, attackers can achieve high impact across confidentiality, integrity, and availability domains.

The exploitation mechanism relies on a man-in-the-middle attack scenario where malicious actors control a Remote Desktop Server. 

When victims connect to the compromised server using vulnerable Remote Desktop Client software, the relative path traversal flaw enables remote code execution (RCE) on the client machine. 

This attack vector is particularly concerning because it reverses the typical client-server security model, where clients generally trust servers.

The vulnerability requires an administrative user on the client system to initiate a connection to the malicious server. 

Once the connection is established, the path traversal weakness allows attackers to escape intended directory restrictions and execute arbitrary code with elevated privileges. 

Risk Factors and Details

Affected Products:
- Windows Server 2008/2008 R2/2012/2012 R2
- Windows Server 2016/2019/2022/2025
- Windows 10 (all versions from 1607 to 22H2)
- Windows 11 (22H2, 23H2, 24H2)
- Remote Desktop Client for Windows Desktop
- Windows App Client for Windows Desktop

Impact: Remote Code Execution (RCE)

Exploit Prerequisites:
- Administrative user on client system
- User interaction required
- Connection to malicious RDP server
- Network access
- No privileges required on server side

CVSS 3.1 Score: 8.8 (Important)

Affected Systems and Security Updates

Microsoft has released comprehensive security updates addressing CVE-2025-48817 across its entire Windows ecosystem. 

The affected platforms span from legacy systems, including Windows Server 2008 and Windows 7, to current versions such as Windows 11 24H2 and Windows Server 2022. 

Specific build numbers for patched versions include 10.0.26100.4652 for Windows 11 24H2 and 10.0.22631.5624 for Windows 11 23H2.

The Remote Desktop client for Windows Desktop has been updated to version 1.2.6353.0, while the Windows App Client reaches version 2.0.559.0. 

Organizations should prioritize applying security updates KB5062553 and KB5062552, as well as related patches corresponding to their specific Windows versions. 
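To check an asset inventory against the fixed versions quoted above, the following added example (not from the original article or from Microsoft) compares reported OS builds and client versions with those minimums. The inventory rows, host names and the client keys `msrdc` and `windows_app` are constructed for illustration; branches the article gives no build number for are reported as unknown rather than guessed.

```python
# Minimum fixed versions quoted in the article.
FIXED_OS_UBR = {26100: 4652, 22631: 5624}   # Windows 11 24H2 / 23H2: build -> revision
FIXED_CLIENTS = {                            # keys are hypothetical inventory labels
    "msrdc": (1, 2, 6353, 0),                # Remote Desktop client for Windows Desktop
    "windows_app": (2, 0, 559, 0),           # Windows App Client
}

def parse_version(text):
    """Parse 'a.b.c.d' into a tuple of four ints; reject anything else."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four version fields: {text!r}")
    return parts

def os_status(version):
    major, minor, build, revision = parse_version(version)
    fixed = FIXED_OS_UBR.get(build)
    if (major, minor) != (10, 0) or fixed is None:
        return "unknown"   # look up the update for this Windows version instead
    return "patched" if revision >= fixed else "vulnerable"

def client_status(name, version):
    fixed = FIXED_CLIENTS.get(name)
    if fixed is None:
        return "unknown"
    return "patched" if parse_version(version) >= fixed else "vulnerable"

def triage(inventory):
    """Map each host name to the status of its OS build and RDP clients."""
    report = {}
    for host in inventory:
        findings = {"os": os_status(host["os"])}
        for name, version in host.get("clients", {}).items():
            findings[name] = client_status(name, version)
        report[host["name"]] = findings
    return report

# Constructed sample inventory (not real hosts).
INVENTORY = [
    {"name": "ws-01", "os": "10.0.26100.4061", "clients": {"msrdc": "1.2.6353.0"}},
    {"name": "ws-02", "os": "10.0.22631.5624", "clients": {"windows_app": "2.0.500.0"}},
    {"name": "srv-03", "os": "10.0.20348.3807", "clients": {}},
]

if __name__ == "__main__":
    for host, findings in triage(INVENTORY).items():
        print(host, findings)
```

The OS build and the separately installed client are tracked independently, so a host can be patched on one and still vulnerable on the other.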

Microsoft has confirmed that the vulnerability is not currently being exploited in the wild, and no public disclosure has occurred, providing organizations with a critical window for remediation before potential widespread exploitation attempts.

The post Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.
