CVE-2025-26645

Published Mar 11, 2025

Last updated a year ago

CVSS high 8.8
Rdp

Overview

Description
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025, remote_desktop_client, windows_app

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-23

Social media

Hype score
Not currently trending

  1. CVE-2025-26645 - Critical path traversal in Microsoft Remote Desktop Client. CVSS 8.8. Unpatched. Exploitation over network. Act now: restrict RDP access. #CVE #Microsoft #infosec #CVEAlert #DevOps #cybersecurity More CVE ALERTS, YARN, SIGMA AND PAYLOAD AND POC 1/2

    @HugoValters

    27 May 2026

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. 📊 Microsoft releases security updates for Windows, addressing a Remote Code Execution Vulnerability, specifically CVE-2025-26645, according to Ghacks, a leading tech news blog, potentially impacting millions of users, via @Microsoft.

    @GadgetsPulse111

    22 Mar 2025

    25 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Actively exploited CVE : CVE-2025-26645

    @transilienceai

    17 Mar 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. 💻 Microsoft releases security updates for Windows, addressing a Remote Code Execution Vulnerability, CVE-2025-26645, according to Ghacks, a leading tech news blog, potentially impacting millions of users, via @Microsoft

    @GadgetsPulse111

    16 Mar 2025

    22 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2025-26645 🔴 HIGH (8.8) 🏢 Microsoft - Windows App Client for Windows Desktop 🏗️ 1.00 🔗 https://t.co/eSympyeeHI #CyberCron #VulnAlert #InfoSec https://t.co/5ygjWZ7bL1

    @cybercronai

    12 Mar 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. A new vulnerability with increased severity was disclosed for Microsoft Windows (CVE-2025-26645) https://t.co/S7zr7XZi3k

    @vuldb

    12 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. Mitigation FAQs Should I leverage the temporary mitigation? Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel. What impact to service availability/management could be caused by implementing the mitigations? Implementing these mitigations will not impact service availability or management operations. Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available? No. The security update will maintain the mitigation's behavior once the security update is installed. I am using TPM+PIN, am I at risk of this vulnerability being exploited No, if you are using TPM+PIN the vulnerability is not exploitable.CVE-2026-45585
  2. Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.CVE-2026-42896
  3. Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.CVE-2026-42825
  4. Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.CVE-2026-41097
  5. Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.CVE-2026-41096

References

Sources include official advisories and independent security research.