Disclosed on October 14, 2025, as CVE-2025-58718, the vulnerability stems from a use-after-free error, earning an “Important” severity rating.
While not yet exploited in the wild, security experts warn that it poses a significant risk to Windows users relying on remote access tools.
The flaw affects the Remote Desktop Client, a core component for connecting to remote machines. An unauthorized attacker could leverage it over a network by tricking a user into connecting to a malicious RDP server.
Once connected, the server exploits the use-after-free bug to run arbitrary code in the user’s context, potentially leading to full system compromise.
This requires user interaction, such as clicking a phishing link or accepting a bogus connection, but demands no privileges from the attacker.
The Common Vulnerability Scoring System (CVSS) rates it at 8.8 out of 10, highlighting high impacts on confidentiality, integrity, and availability.
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
| Exploit Maturity | Unproven |
Microsoft classifies exploitation as “less likely” due to the need for port redirection, which is disabled by default.
Users should apply the October 2025 Patch Tuesday updates immediately to mitigate risks. Enable automatic updates and avoid connecting to untrusted RDP servers.
For organizations, segmenting networks and training on phishing awareness can further reduce exposure. As remote work persists, this vulnerability underscores the ongoing need for vigilant endpoint security.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Windows Remote Desktop Client Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.
Sony and Marvel have today revealed just a little bit more of Spider-Man: Brand New…
Introducing Rock, Paper, Severed – a dark new horror game for 1-4 players that takes…
Threat actors are constantly hunting for infrastructure weaknesses, and a newly discovered batch of vulnerabilities…
Hackers are once again turning familiar tools against the very users who trust them. A…
A critical vulnerability in Palo Alto Networks PAN-OS is putting enterprise firewalls at risk, allowing…
The city of Charlotte, North Carolina, holds a ribbon cutting ceremony for a housing development…
This website uses cookies.