CVE-2025-26645

8.8 HIGH

📋 TL;DR

A relative path traversal in the Microsoft Remote Desktop Client lets an attacker-controlled RDP server execute arbitrary code on the machine that connects to it. The direction matters: the client is the target, so the attacker needs no foothold on the victim's network, only a user who points a vulnerable client at a server the attacker controls (for example by opening a supplied .rdp file or connecting to a spoofed jump host). The code runs on the user's workstation with that user's privileges, and the exploit travels over the normal RDP network connection.

💻 Affected Systems

Products:
  • Microsoft Remote Desktop Client
Versions: Specific versions not yet detailed in public advisory
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations of Remote Desktop Client. Exact version ranges will be specified in Microsoft's security update.

📦 What is this software?

The Remote Desktop Client (mstsc.exe, shipped with every supported Windows release) is the program a user runs to open an RDP session to another machine. It renders the remote desktop and, depending on settings, redirects local drives, clipboard, printers and smart cards into the session. Because it runs on the user's workstation with the user's privileges, a bug in it is a client-side bug: the attacker's position is the RDP server, not the workstation.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with remote code execution, data exfiltration, and lateral movement across the network.

🟠

Likely Case

Unauthorized access to sensitive files, installation of malware, or creation of persistent backdoors on affected systems.

🟢

If Mitigated

Limited impact where clients can only reach approved RDP servers and endpoint protection catches post-exploitation activity on the workstation.

🌐 Internet-Facing: HIGH - Any workstation that can open outbound RDP sessions to arbitrary internet hosts is exposed; an RDP server that is reachable from the internet is not what this CVE is about.
🏢 Internal Only: MEDIUM - An attacker who already controls an internal RDP host (a compromised server, a rogue jump box) or who can redirect a user's session can target every client that connects to it.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: Yes from the attacker's side (no credentials on the victim system are needed); the victim must initiate the connection
Complexity: MEDIUM

Exploitation requires a vulnerable client to connect to an RDP server the attacker controls; the attacker cannot reach the client directly, so the attack depends on user interaction. No public exploit code is available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: To be determined from Microsoft's security update

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26645

Restart Required: Yes for the Windows cumulative update that carries the fix; the update installs but does not complete until the host reboots

Instructions:

1. Apply Microsoft's security update for Remote Desktop Client referenced on the advisory above.
2. Deliver it through Windows Update, WSUS or the Microsoft Update Catalog, and restart the host to complete installation.
3. Verify installation through Windows Update history or Get-HotFix, and confirm the on-disk mstsc.exe version has moved to the fixed build.

🔧 Temporary Workarounds

This is a client-side vulnerability. Disabling the Remote Desktop Services host (TermService) or blocking inbound TCP 3389 hardens the server role of a machine and does nothing for the client that is at risk. The workarounds below restrict where a client may connect instead.

Restrict Outbound RDP

Windows

Block outbound RDP from endpoints that have no business making RDP connections, so a user on them cannot be lured into connecting to an attacker-controlled server

netsh advfirewall firewall add rule name="Block outbound RDP" dir=out protocol=TCP remoteport=3389 action=block

Allowlist Approved RDP Hosts

Windows

Where RDP is required, allow only approved servers. Windows Firewall evaluates block rules before allow rules, so an allow rule by itself does not punch a hole through the block above; either set the outbound default action to block and allow the approved hosts explicitly, or keep outbound open and block only the ranges you do not trust

netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
netsh advfirewall firewall add rule name="Allow RDP to approved hosts" dir=out protocol=TCP remoteport=3389 remoteip=10.20.30.40,10.20.30.41 action=allow

The addresses are placeholders for your jump hosts. Changing the outbound default to block affects all traffic, so only do it alongside the allow rules your endpoints already need. Port-based rules also do not cover RDP tunnelled through an RD Gateway or a cloud desktop service over HTTPS (TCP 443); those endpoints need their own allowlist.

🧯 If You Can't Patch

  • Only connect to RDP servers you control or trust; treat .rdp files and unsolicited "connect to this host" instructions like executable attachments
  • Restrict outbound RDP (TCP 3389, plus any RD Gateway endpoints) from workstations to an allowlist of approved hosts
  • Deploy endpoint detection and response (EDR) and watch for child processes spawned by mstsc.exe and for RDP sessions to servers that are not on the allowlist

🔍 How to Verify

Check if Vulnerable:

Compare the on-disk version of the Remote Desktop Client against the fixed build listed on Microsoft's advisory for your Windows release. mstsc.exe has no /version switch; read the file's version resource instead.

Check Version (PowerShell):

(Get-Item "$env:SystemRoot\System32\mstsc.exe").VersionInfo.FileVersion

Verify Fix Applied:

Confirm Windows Update history (or Get-HotFix) shows the update that fixes CVE-2025-26645 and that, after the reboot, the mstsc.exe version is at or above the fixed build.
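The following PowerShell is an added example for this page, not code from the advisory or from Microsoft. It gathers in one object the facts the check above depends on: the numeric file version of mstsc.exe (the FileVersion display string on Windows binaries often keeps its base build text after servicing, so the numeric parts are compared instead), whether the fixing update is present in Get-HotFix, and whether a reboot is still pending. The fixed version and KB identifier are placeholders that must be replaced with the values from the MSRC page; they are assumptions, not data from this advisory.

```powershell
# Added example (not from the advisory): evidence for deciding whether this host
# still runs a pre-fix Remote Desktop Client for CVE-2025-26645.
# ASSUMPTIONS: the two values below are placeholders; take the real fixed build
# and KB number for your Windows release from the MSRC advisory.
$FixedMstscVersion = [version]'0.0.0.0'   # ASSUMPTION: replace with the fixed mstsc.exe build
$FixKbIds          = @('KB0000000')       # ASSUMPTION: replace with the KB(s) listed on the advisory

function Get-FileVersionRaw {
    # Build a comparable [version] from the numeric parts of the version resource.
    param([Parameter(Mandatory)][string]$Path)
    $v = (Get-Item -LiteralPath $Path).VersionInfo
    [version]::new($v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart)
}

function Test-RdpClientPatched {
    param(
        [version]$FixedVersion = $FixedMstscVersion,
        [string[]]$KbIds       = $FixKbIds
    )
    $mstsc   = Join-Path $env:SystemRoot 'System32\mstsc.exe'
    $version = Get-FileVersionRaw -Path $mstsc

    # Get-HotFix reads installed updates from WMI; a cumulative update appears
    # here only once the post-install reboot has completed.
    $installedKbs = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $KbIds -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID)

    # Standard Windows Update "reboot required" marker key.
    $rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        MstscPath        = $mstsc
        MstscVersion     = $version
        FixedVersion     = $FixedVersion
        VersionAtOrAbove = ($version -ge $FixedVersion)
        FixKbInstalled   = ($installedKbs.Count -gt 0)
        InstalledFixKbs  = ($installedKbs -join ',')
        PendingReboot    = (Test-Path $rebootKey)
    }
}

Test-RdpClientPatched | Format-List
```

A host is fixed only when VersionAtOrAbove and FixKbInstalled are both true and PendingReboot is false; a pending reboot with the KB listed means the new binary is staged but the old one may still be what mstsc.exe loads.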

📡 Detection & Monitoring

Because the vulnerable component is the client, server-side logon auditing (failed inbound RDP logons, event 4625 with logon type 10) does not see this attack. Look at the workstation that makes the connection.

Log Indicators:

  • Outbound RDP sessions to servers that are not on the approved list, recorded on the client in Microsoft-Windows-TerminalServices-RDPClient/Operational (event 1024 carries the target name, event 1102 the target IP address)
  • New processes whose parent is mstsc.exe; a healthy client rarely spawns children
  • Users opening .rdp files delivered by mail or download shortly before an unexpected RDP session

Network Indicators:

  • Workstation-initiated connections to TCP 3389 (or to RD Gateway endpoints) on hosts outside the allowlist, especially internet addresses
  • Anomalous traffic from the workstation, not from the RDP server, after the session starts

SIEM Query:

source="Microsoft-Windows-TerminalServices-RDPClient/Operational" EventID=1024 | rex field=Message "server \((?<rdp_target>[^)]+)\)" | search NOT rdp_target IN ("jump01.corp.example","jump02.corp.example") | stats count by host, rdp_target
source="Microsoft-Windows-Sysmon/Operational" EventID=1 ParentImage="*\\mstsc.exe" | stats count by host, Image, CommandLine

The host names in the first query are placeholders for your approved RDP servers.
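The following PowerShell is an added example for this page, not part of the original advisory and not Microsoft code. It implements the first detection above on the client itself: it pulls the target of each outbound RDP connection from the Microsoft-Windows-TerminalServices-RDPClient/Operational log (events 1024 and 1102) and reports those not on an allowlist. The allowlist, the message formats assumed for the two events, and the sample events are constructed so the logic can be exercised offline; the final lines run it against the live log.

```powershell
# Added example (not from the advisory): flag outbound RDP connections from this
# workstation to servers outside an allowlist, using the client-side event log.
# ASSUMPTION: the approved hosts below are placeholders for your jump hosts.
$ApprovedRdpHosts = @('jump01.corp.example', 'jump02.corp.example', '10.20.30.40')

function Get-RdpTarget {
    # Extract the destination from the event text. Assumed message shapes:
    #   1024: "RDP ClientActiveX is trying to connect to the server (host)"
    #   1102: "The client has initiated a multi-transport connection to the server 203.0.113.7."
    param([Parameter(Mandatory)][string]$Message)
    if ($Message -match '\(([^)]+)\)') { return $Matches[1] }
    if ($Message -match 'server\s+([0-9A-Za-z\.\-:]+)\s*$') { return $Matches[1].TrimEnd('.') }
    return $null
}

function Find-UnapprovedRdpConnections {
    # Takes objects shaped like Get-WinEvent output (TimeCreated, Id, Message).
    param(
        [Parameter(Mandatory)][object[]]$Events,
        [string[]]$Approved = $ApprovedRdpHosts
    )
    foreach ($e in $Events) {
        $target = Get-RdpTarget -Message $e.Message
        if (-not $target) { continue }
        # -notcontains compares case-insensitively, so host name case does not matter.
        if ($Approved -notcontains $target) {
            [pscustomobject]@{ Time = $e.TimeCreated; EventId = $e.Id; Target = $target }
        }
    }
}

# Constructed sample events (not real telemetry) for an offline dry run.
$sample = @(
    [pscustomobject]@{ TimeCreated = Get-Date '2025-03-12T09:01:00'; Id = 1024
                       Message = 'RDP ClientActiveX is trying to connect to the server (jump01.corp.example)' },
    [pscustomobject]@{ TimeCreated = Get-Date '2025-03-12T09:05:00'; Id = 1024
                       Message = 'RDP ClientActiveX is trying to connect to the server (rdp-support-portal.example.net)' },
    [pscustomobject]@{ TimeCreated = Get-Date '2025-03-12T09:05:01'; Id = 1102
                       Message = 'The client has initiated a multi-transport connection to the server 203.0.113.7.' }
)
# Expected: the second and third sample events are reported, the first is not.
Find-UnapprovedRdpConnections -Events $sample | Format-Table -AutoSize

# Live run on the workstation; the log is enabled by default on Windows clients.
$live = Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-TerminalServices-RDPClient/Operational'
            Id      = 1024, 1102
        } -MaxEvents 500 -ErrorAction SilentlyContinue
if ($live) { Find-UnapprovedRdpConnections -Events $live | Format-Table -AutoSize }
```

Run it under a scheduled task or through your EDR's script collection and forward the output; a hit on an internet address or an unfamiliar name shortly before a new child process of mstsc.exe is the pattern to triage.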
