CVE-2025-58718

8.8 HIGH

📋 TL;DR

CVE-2025-58718 is a use-after-free memory-corruption flaw in Microsoft Remote Desktop Client that lets an unauthorized attacker execute arbitrary code over a network. Because the bug sits in the client, the attacker needs a user to connect a vulnerable client to an attacker-controlled or compromised RDP server; a successful exploit then runs code on the user's machine with that user's rights. Every machine running an unpatched build of the client is affected.

💻 Affected Systems

Products:
  • Microsoft Remote Desktop Client
Versions: Specific versions to be confirmed via Microsoft advisory
Operating Systems: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations of Remote Desktop Client. Exact version ranges will be specified in Microsoft's security update.

📦 What is this software?

Microsoft Remote Desktop Client is the RDP client software used to open sessions to remote Windows hosts, Remote Desktop Services, Azure Virtual Desktop and Windows 365. It ships in several forms: the Remote Desktop Connection program built into Windows (mstsc.exe), the separately installed Remote Desktop client for Windows (msrdc.exe), and the Microsoft Store client (package Microsoft.RemoteDesktop, being replaced by Windows App). The Microsoft advisory is the authority on which of these builds the CVE applies to.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with remote code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Remote code execution allowing attackers to install malware, steal credentials, or pivot to other systems on the network.

🟢

If Mitigated

Limited impact where clients can only reach an approved set of RDP servers and endpoint protection blocks the client from spawning child processes or alerts on its crashes.

🌐 Internet-Facing: HIGH - the exposure is outbound: any client that connects to an RDP server on the Internet, or is induced to connect to an attacker-controlled one, is reachable by the malicious server that triggers the bug.
🏢 Internal Only: HIGH - a compromised internal RDP server can exploit every vulnerable client that connects to it, turning administrators' workstations into the next foothold and a path to domain compromise.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes (no credentials on the target are needed, but a user must connect a vulnerable client to the malicious server)
Complexity: MEDIUM

Use-after-free bugs need the attacker to shape heap state so the freed object is reused under attacker control; working that out takes effort, but once it is understood exploitation tends to be reliable, and here the malicious server controls the protocol data the client parses.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: To be specified in Microsoft's monthly security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58718

Restart Required: Yes for the cumulative update that services the inbox client (mstsc.exe); the Store client and msrdc.exe only need to be closed and relaunched after their own update.

Instructions:

1. Open Windows Update settings
2. Check for updates
3. Install all available security updates
4. Restart the system when prompted
5. Update the other client builds separately, since Windows Update does not service them: the Microsoft Store client through the Store's "Get updates" (Library page), and the Remote Desktop client for Windows (msrdc.exe) through the client's own update check or by reinstalling the current installer from Microsoft

🔧 Temporary Workarounds

Remove or block the client

If Remote Desktop is not needed on a machine, remove the Microsoft Store client (the package the version check on this page targets). The inbox Remote Desktop Connection, mstsc.exe, is a Windows component rather than a removable capability or package, so it cannot be uninstalled; block it, and msrdc.exe, with an AppLocker or WDAC deny rule until the update is installed.

Get-AppxPackage Microsoft.RemoteDesktop | Remove-AppxPackage

Network Segmentation

Because the flaw is in the client, an inbound rule on TCP 3389 protects nothing: it is the client's outbound connections that have to be limited to trusted RDP servers. Windows Firewall gives block rules precedence over allow rules, so the exception has to be written into the block rule's own scope; the rule below blocks outbound RDP to every address except 10.0.0.0/8, which is a placeholder for your trusted server ranges. Sessions through an RD Gateway or to Azure Virtual Desktop run over TCP 443 and are not covered by a port-3389 rule.

New-NetFirewallRule -DisplayName 'Block outbound RDP except trusted hosts' -Direction Outbound -Protocol TCP -RemotePort 3389 -RemoteAddress '1.0.0.0-9.255.255.255','11.0.0.0-223.255.255.255' -Action Block

🧯 If You Can't Patch

  • Limit which servers vulnerable clients may connect to (outbound firewall rules, an RD Gateway as the only permitted path) and tell users not to open .rdp files or connection prompts from untrusted sources
  • Use application control (AppLocker/WDAC) or an EDR rule to stop mstsc.exe and msrdc.exe from spawning child processes, which is the behaviour a successful exploit of the client would produce

🔍 How to Verify

Check if Vulnerable:

Identify which client builds are present (the inbox mstsc.exe, the Remote Desktop client for Windows msrdc.exe, and the Microsoft Store package) and compare each version with the affected and fixed versions in the Microsoft advisory; a machine can carry more than one, and each is serviced separately.

Check Version:

Get-AppxPackage Microsoft.RemoteDesktop | Select Version

Verify Fix Applied:

Confirm in Windows Update history (or with Get-HotFix) that the cumulative update named in the advisory is installed, and that the file version of each installed client is at or above the fixed version; an update that is downloaded but not yet applied by a restart leaves the old mstsc.exe in place.
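The following is an added example for the verification steps above; it is not code from the page or from Microsoft. It lists every Remote Desktop client build found on the machine and compares each against a fixed-version table that the operator fills in from Microsoft's advisory. Assumptions: the default install paths for msrdc.exe, and the $FixedVersions entries, which are 0.0.0.0 placeholders and must be replaced before the verdict means anything (for the inbox mstsc.exe the fixed version differs per Windows build, so take the value for the build you are on).

```powershell
# Added example, not from the page or from Microsoft. Compares installed Remote Desktop
# client builds against fixed versions taken from the advisory for CVE-2025-58718.
# Assumptions: default install paths for msrdc.exe; placeholder fixed versions below.

$FixedVersions = @{
    'mstsc.exe'               = [version]'0.0.0.0'   # placeholder: fixed build for your Windows version
    'msrdc.exe'               = [version]'0.0.0.0'   # placeholder: fixed msrdc version from the advisory
    'Microsoft.RemoteDesktop' = [version]'0.0.0.0'   # placeholder: fixed Store package version
}

function Get-FileVersionObject {
    # Build a [version] from the numeric FileVersionInfo parts; the FileVersion string of
    # inbox binaries carries a "(WinBuild...)" suffix that [version] cannot parse.
    param([string]$Path)
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    return [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Get-RdpClientVersions {
    $found = @()

    # Inbox Remote Desktop Connection, serviced by the monthly cumulative update.
    $mstsc = Join-Path $env:SystemRoot 'System32\mstsc.exe'
    if (Test-Path -LiteralPath $mstsc) {
        $found += [pscustomobject]@{ Client = 'mstsc.exe'; Path = $mstsc; Version = Get-FileVersionObject $mstsc }
    }

    # Remote Desktop client for Windows: per-machine and per-user default locations (assumption).
    foreach ($dir in @("$env:ProgramFiles\Remote Desktop", "$env:LOCALAPPDATA\Programs\Remote Desktop")) {
        $msrdc = Join-Path $dir 'msrdc.exe'
        if (Test-Path -LiteralPath $msrdc) {
            $found += [pscustomobject]@{ Client = 'msrdc.exe'; Path = $msrdc; Version = Get-FileVersionObject $msrdc }
        }
    }

    # Microsoft Store client, the package the page's own Get-AppxPackage check targets.
    foreach ($pkg in @(Get-AppxPackage -Name Microsoft.RemoteDesktop -ErrorAction SilentlyContinue)) {
        $found += [pscustomobject]@{ Client = 'Microsoft.RemoteDesktop'; Path = $pkg.InstallLocation; Version = [version]$pkg.Version }
    }
    return $found
}

function Test-RdpClientPatched {
    param([hashtable]$Fixed = $FixedVersions)
    foreach ($c in Get-RdpClientVersions) {
        $required = $Fixed[$c.Client]
        $status = if (-not $required -or $required -eq [version]'0.0.0.0') { 'UNKNOWN (fill in the fixed version)' }
                  elseif ($c.Version -ge $required) { 'PATCHED' }
                  else { 'VULNERABLE' }
        [pscustomobject]@{ Client = $c.Client; Path = $c.Path; Installed = $c.Version; Required = $required; Status = $status }
    }
}

# Run the check; on a fully serviced machine every row should read PATCHED.
Test-RdpClientPatched | Format-Table -AutoSize

# Cross-check against update history: the cumulative update named in the advisory is what
# services mstsc.exe, so it should appear here once the post-update restart has happened.
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 -Property HotFixID, Description, InstalledOn
```

Run it in an elevated PowerShell after filling in $FixedVersions; a row that reads VULNERABLE for mstsc.exe after the update was installed usually means the restart has not happened yet.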

📡 Detection & Monitoring

Log Indicators:

  • RDP client connections to servers that are not on the organisation's list of trusted RDP hosts
  • Child processes whose parent is the RDP client (mstsc.exe or msrdc.exe): the client normally spawns nothing, so a cmd.exe, powershell.exe or other child is the footprint of successful exploitation (Security event 4688; the arguments are only recorded when command-line auditing is enabled)
  • Crashes of the client binary (Application log event 1000, source "Application Error", faulting application mstsc.exe or msrdc.exe), which is what failed attempts against a use-after-free look like

Network Indicators:

  • RDP client connections to previously unseen or external hosts, particularly ones a user was induced to connect to
  • New outbound connections from the client host that begin shortly after an RDP session starts, indicating post-exploitation command and control

SIEM Query (Splunk, with field names as extracted by the Splunk Add-on for Windows; adjust for other SIEMs):

source="WinEventLog:Security" EventCode=4688 (Creator_Process_Name="*\\mstsc.exe" OR Creator_Process_Name="*\\msrdc.exe") | stats count by host, Creator_Process_Name, New_Process_Name, Process_Command_Line

A query keyed on the client itself being launched (New_Process_Name="*\\mstsc.exe") only counts sessions; what matters for a client-side code-execution bug is what the client spawns, so the filter is on the parent process. Process_Command_Line is populated only when "Include command line in process creation events" is enabled. Crashes of the client, the footprint of failed attempts, are in the Application log:

source="WinEventLog:Application" EventCode=1000 ("mstsc.exe" OR "msrdc.exe") | stats count by host, _time
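For hosts without SIEM coverage, the following added example (not code from the page or from Microsoft) runs the same two checks against the local event logs: Security event 4688 records whose parent is an RDP client binary, and Application event 1000 crashes of those binaries. The decision logic is also exercised on a few constructed 4688 parent/child pairs so it can be read and tested without admin rights or real events. The $ClientBinaries list, the empty $KnownBenignChildren allow-list and the 7-day window are assumptions to tune per environment; reading the Security log itself needs an elevated session and the "Audit Process Creation" policy.

```powershell
# Added example, not from the page or from Microsoft. Hunts the local logs for the two
# signals of a client-side RDP exploit: the client spawning a child (success) and the
# client crashing (failed attempts). Assumptions: $ClientBinaries, $KnownBenignChildren.

$ClientBinaries = @('mstsc.exe', 'msrdc.exe')

# Children the client is legitimately seen to launch in your environment (assumption:
# start empty and add names only after confirming them as benign).
$KnownBenignChildren = @()

function Test-RdpClientChild {
    # $Parent / $Child are full paths or bare names, as found in 4688's
    # ParentProcessName / NewProcessName fields. True when the parent is an RDP client
    # and the child is not on the allow-list.
    param([string]$Parent, [string]$Child)
    if (-not $Parent -or -not $Child) { return $false }
    $parentName = [System.IO.Path]::GetFileName($Parent).ToLowerInvariant()
    $childName  = [System.IO.Path]::GetFileName($Child).ToLowerInvariant()
    return ($ClientBinaries -contains $parentName) -and ($KnownBenignChildren -notcontains $childName)
}

function Find-RdpClientChildProcesses {
    # Security 4688 events whose ParentProcessName is an RDP client (requires admin).
    param([datetime]$Since = (Get-Date).AddDays(-7))
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = $Since }
    foreach ($ev in @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
        $x = [xml]$ev.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if (Test-RdpClientChild -Parent $d['ParentProcessName'] -Child $d['NewProcessName']) {
            [pscustomobject]@{
                Time    = $ev.TimeCreated
                User    = $d['SubjectUserName']
                Parent  = $d['ParentProcessName']
                Child   = $d['NewProcessName']
                Command = $d['CommandLine']   # empty unless command-line auditing is enabled
            }
        }
    }
}

function Find-RdpClientCrashes {
    # Application 1000 ("Application Error") events where the faulting application is an
    # RDP client. Property order of event 1000: 0 app name, 1 app version, 3 faulting
    # module, 6 exception code.
    param([datetime]$Since = (Get-Date).AddDays(-7))
    $filter = @{ LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000; StartTime = $Since }
    foreach ($ev in @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
        $app = [string]$ev.Properties[0].Value
        if ($ClientBinaries -contains $app.ToLowerInvariant()) {
            [pscustomobject]@{
                Time          = $ev.TimeCreated
                App           = $app
                Version       = $ev.Properties[1].Value
                Module        = $ev.Properties[3].Value
                ExceptionCode = $ev.Properties[6].Value
            }
        }
    }
}

# Constructed sample parent/child pairs (not real log data) to exercise the filter offline.
# Expected: first and third flagged, second (explorer launching the client) not flagged.
$Samples = @(
    @{ Parent = 'C:\Windows\System32\mstsc.exe';             Child = 'C:\Windows\System32\cmd.exe' },
    @{ Parent = 'C:\Windows\explorer.exe';                   Child = 'C:\Windows\System32\mstsc.exe' },
    @{ Parent = 'C:\Program Files\Remote Desktop\msrdc.exe'; Child = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' }
)
foreach ($s in $Samples) { '{0} -> {1}: {2}' -f $s.Parent, $s.Child, (Test-RdpClientChild @s) }

# Live hunt over the last seven days (elevated session required for the Security log):
Find-RdpClientChildProcesses | Format-Table -AutoSize
Find-RdpClientCrashes        | Format-Table -AutoSize
```

A single crash of mstsc.exe is not proof of an attack, but repeated crashes on one host around the time of connections to an unfamiliar server are worth pulling the WER report for.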

🔗 References

  • Microsoft Security Response Center advisory for CVE-2025-58718: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58718
