{"id":5208,"date":"2025-07-09T10:00:23","date_gmt":"2025-07-09T10:00:23","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/07\/09\/microsoft-remote-desktop-client-vulnerability-let-attackers-execute-remote-code\/"},"modified":"2025-07-09T10:00:23","modified_gmt":"2025-07-09T10:00:23","slug":"microsoft-remote-desktop-client-vulnerability-let-attackers-execute-remote-code","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/07\/09\/microsoft-remote-desktop-client-vulnerability-let-attackers-execute-remote-code\/","title":{"rendered":"Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code"},"content":{"rendered":"

Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

A critical security vulnerability in Microsoft Remote Desktop Client could allow attackers to execute arbitrary code on victim systems.\u00a0<\/p>\n

The vulnerability, designated as CVE-2025-48817, affects multiple versions of Windows and poses significant security risks for organizations that rely on Remote Desktop Protocol (RDP) connections.<\/p>\n

Key Takeaways<\/mark><\/strong>
1. CVE-2025-48817 enables remote code execution via Microsoft Remote Desktop Client (CVSS 8.8).
2. Malicious RDP servers execute code on connecting clients through a path traversal vulnerability.
3. Affects all Windows versions from Server 2008 to Windows 11 24H2.
4. Microsoft released fixes July 8, 2025 - apply security updates immediately.<\/pre>\n
Microsoft Remote Desktop Client Vulnerability<\/strong><\/h2>\n
CVE-2025-48817 represents a relative path traversal vulnerability combined with improper access control mechanisms within Microsoft\u2019s Remote Desktop Client infrastructure.\u00a0<\/p>\n
The vulnerability has been assigned a CVSS score of 8.8 for base metrics and 7.7 for temporal metrics, classifying it as \u201cImportant\u201d severity.\u00a0<\/p>\n
The technical classification identifies two primary weakness categories: CWE-23 (Relative Path Traversal<\/a>) and CWE-284 (Improper Access Control).<\/p>\n
The CVSS vector string CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H\/E:U\/RL:O\/RC:C indicates this is a network-based attack vector with low complexity requirements.\u00a0<\/p>\n
Crucially, the vulnerability requires no privileges for exploitation but does necessitate user interaction. Upon successful exploitation, attackers can achieve high impact across confidentiality, integrity, and availability domains.<\/p>\n
The exploitation mechanism relies on a man-in-the-middle attack scenario where malicious actors control a Remote Desktop Server.\u00a0<\/p>\n
When victims connect to the compromised server using vulnerable Remote Desktop Client<\/a> software, the relative path traversal flaw enables remote code execution (RCE) on the client machine.\u00a0<\/p>\n
This attack vector is particularly concerning because it reverses the typical client-server security model, where clients generally trust servers.<\/p>\n
The vulnerability requires an administrative user on the client system to initiate a connection to the malicious server.\u00a0<\/p>\n
Once the connection is established, the path traversal weakness allows attackers to escape intended directory restrictions and execute arbitrary code with elevated privileges.\u00a0<\/p>\n
\n\n\n\n\n\n\n\n
Risk Factors<\/strong><\/td>\nDetails<\/strong><\/td>\n<\/tr>\n
Affected Products<\/td>\n\u2013 Windows Server 2008\/2008 R2\/2012\/2012 R2- Windows Server 2016\/2019\/2022\/2025- Windows 10 (all versions from 1607 to 22H2)- Windows 11 (22H2, 23H2, 24H2)- Remote Desktop Client for Windows Desktop- Windows App Client for Windows Desktop<\/td>\n<\/tr>\n
Impact<\/td>\nRemote Code Execution (RCE)<\/td>\n<\/tr>\n
Exploit Prerequisites<\/td>\n\u2013 Administrative user on client system- User interaction required- Connection to malicious RDP server- Network access- No privileges required on server side<\/td>\n<\/tr>\n
CVSS 3.1 Score<\/td>\n8.8 (Important)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n
Affected Systems and Security Updates<\/strong><\/h2>\n
Microsoft has released comprehensive security updates<\/a> addressing CVE-2025-48817 across its entire Windows ecosystem.\u00a0<\/p>\n
The affected platforms span from legacy systems, including Windows Server 2008 and Windows 7, to current versions such as Windows 11 24H2 and Windows Server 2022.\u00a0<\/p>\n
Specific build numbers for patched versions include 10.0.26100.4652 for Windows 11 24H2 and 10.0.22631.5624 for Windows 11 23H2.<\/p>\n
The Remote Desktop client for Windows Desktop<\/a> has been updated to version 1.2.6353.0, while the Windows App Client reaches version 2.0.559.0.\u00a0<\/p>\n
Organizations should prioritize applying security updates KB5062553 and KB5062552, as well as related patches corresponding to their specific Windows versions.\u00a0<\/p>\n
Microsoft has confirmed<\/a> that the vulnerability is not currently being exploited in the wild, and no public disclosure has occurred, providing organizations with a critical window for remediation before potential widespread exploitation attempts.<\/p>\n
Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -> Try ANY.RUN now<\/strong><\/a>\u00a0<\/p>\n
The post Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n
 \t

\n 
<\/BR>
\n    Guru Baran
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n 
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"
Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code A critical security vulnerability in Microsoft Remote Desktop Client could allow attackers to execute arbitrary code on victim systems.\u00a0 The vulnerability, designated as CVE-2025-48817, affects multiple versions of Windows and poses significant security risks for organizations that rely on Remote Desktop Protocol (RDP) connections. Key […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,158,131],"tags":[130],"class_list":["post-5208","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-microsoft","category-vulnerability","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/5208"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=5208"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/5208\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=5208"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=5208"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=5208"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}