CVE-2025-68118

9.1 CRITICAL

📋 TL;DR

This vulnerability in FreeRDP allows an attacker who controls the hostname used to build a certificate cache filename to cause a heap-based out-of-bounds memory read. It affects FreeRDP clients on Windows running vulnerable versions and can lead to a client crash or unintended memory disclosure. Users who connect to untrusted RDP servers or open crafted .rdp files are at risk.

💻 Affected Systems

Products:
  • FreeRDP
Versions: All versions prior to 3.20.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only Windows builds are affected, because they use the Microsoft-specific _snprintf function; Linux and macOS builds are not affected.
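The Notes above attribute the Windows-only exposure to the Microsoft-specific _snprintf. As an added illustration (not FreeRDP's own code), the C block below emulates the legacy MSVC _snprintf contract, which on truncation writes no NUL terminator and returns -1, and contrasts a filename builder that trusts that contract with a hardened one that enforces termination and rejects truncated names. The function names and the "<host>_<port>.pem" layout are assumptions made for this example, not FreeRDP's actual format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed emulation of the legacy MSVC _snprintf contract: if the
 * output does not fit, it fills all `size` bytes, writes no terminating
 * NUL and returns -1. C99 snprintf always terminates and returns the
 * full length, which is why the same source behaves differently on Windows. */
static int msvc_like_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    char tmp[512];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(tmp, sizeof tmp, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= sizeof tmp) return -1;  /* exceeds scratch */
    if ((size_t)n >= size) {
        memcpy(buf, tmp, size);         /* truncated: no NUL written */
        return -1;
    }
    memcpy(buf, tmp, (size_t)n + 1);    /* fits: copy including the NUL */
    return n;
}

/* Unsafe pattern: trusts the formatter to terminate. With a hostname longer
 * than the buffer the name has no NUL, so a later strlen()/fopen() on it
 * reads past the allocation. Returns 1 if terminated, 0 if not. */
int build_cache_name_unsafe(char *out, size_t outlen, const char *host, int port)
{
    size_t i;
    msvc_like_snprintf(out, outlen, "%s_%d.pem", host, port);  /* hypothetical layout */
    for (i = 0; i < outlen; i++)
        if (out[i] == '\0') return 1;
    return 0;
}

/* Hardened pattern: force a terminator regardless of the formatter and
 * treat truncation or a negative return as an error (empty name, -1). */
int build_cache_name_safe(char *out, size_t outlen, const char *host, int port)
{
    if (out == NULL || outlen == 0) return -1;
    int n = msvc_like_snprintf(out, outlen, "%s_%d.pem", host, port);
    out[outlen - 1] = '\0';             /* always terminated, whatever n is */
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';                  /* never hand back a truncated name */
        return -1;
    }
    return n;                           /* length of the complete name */
}
```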

⚠️ Risk & Real-World Impact

🔴 Worst Case

Memory disclosure leading to sensitive information exposure, including credentials or session data, followed by client crash.

🟠 Likely Case

Client crash or connection termination during certificate validation when connecting to malicious servers.

🟢 If Mitigated

Connection termination before meaningful data exposure, with only crash or minor memory read possible.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires the attacker to control the hostname, via server redirection or a crafted .rdp file. No public exploit code was available at advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.20.0

Vendor Advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h78c-5cjx-jw6x

Restart Required: Yes

Instructions:

1. Download FreeRDP version 3.20.0 or later from the official repository.
2. Uninstall the previous version.
3. Install the new version.
4. Restart the system or the affected applications.

🔧 Temporary Workarounds

Avoid untrusted RDP connections (all platforms): Do not connect to untrusted RDP servers or open unknown .rdp files.

Use alternative RDP clients (Windows): Temporarily use Microsoft Remote Desktop or another RDP client until patched.

🧯 If You Can't Patch

  • Restrict RDP connections to trusted internal servers only
  • Implement network segmentation to isolate FreeRDP clients from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check the FreeRDP version with 'xfreerdp --version', or look up the installed version in Windows Programs & Features.

Check Version:

xfreerdp --version

Verify Fix Applied:

Confirm the version is 3.20.0 or higher using the version check command.

📡 Detection & Monitoring

Log Indicators:

  • FreeRDP crash logs
  • Unexpected connection terminations during certificate validation
  • Application error events in Windows Event Viewer

Network Indicators:

  • RDP connections to unusual or unexpected hostnames
  • Multiple failed RDP connections from same client

SIEM Query:

(EventID:1000 OR EventID:1001) AND (ProcessName:freerdp.exe OR ProcessName:xfreerdp.exe)
