CVE-2026-25953

9.8 CRITICAL

📋 TL;DR

This is a use-after-free vulnerability in FreeRDP's X11 client (xfreerdp): the RDPGFX dynamic virtual channel (DVC) thread can access a window pointer that the main thread has concurrently freed while deleting the window. The result is memory corruption that can crash the client and could potentially lead to code execution. Users of the FreeRDP X11 client prior to version 3.23.0 are affected.

💻 Affected Systems

Products:
  • FreeRDP
Versions: All versions prior to 3.23.0
Operating Systems: Linux, Unix-like systems with X11
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the X11 client implementation of FreeRDP; Windows and other platform clients are not affected

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete compromise of the system running the FreeRDP client

🟠 Likely Case: Application crash or denial of service of the FreeRDP client

🟢 If Mitigated: No impact once patched or workarounds are applied

🌐 Internet-Facing: MEDIUM - Requires an RDP connection from the client to a malicious server
🏢 Internal Only: MEDIUM - Internal RDP connections to compromised servers could trigger the bug

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the client to connect to a malicious RDP server; because the bug is a race condition, reliable exploitation is difficult

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.23.0

Vendor Advisory: https://github.com/FreeRDP/FreeRDP/releases/tag/3.23.0

Restart Required: Yes

Instructions:

1. Backup current FreeRDP configuration
2. Update FreeRDP to version 3.23.0 or later using package manager
3. Restart any running FreeRDP sessions
4. Verify version with 'xfreerdp --version'

🔧 Temporary Workarounds

Disable RDPGFX channel (linux)

Disable the RDPGFX graphics channel, which is involved in the vulnerability. The session then falls back to legacy bitmap updates, so expect reduced graphics performance:

xfreerdp /gfx:off

Use alternative RDP client (all)

Temporarily use an alternative RDP client such as rdesktop or Remmina. Note that Remmina's RDP plugin is built on libfreerdp, so confirm that the build you use is not affected.

🧯 If You Can't Patch

  • Restrict RDP connections to trusted servers only
  • Monitor for FreeRDP crashes and investigate any anomalies

🔍 How to Verify

Check if Vulnerable:

Run 'xfreerdp --version' and check whether the reported version is below 3.23.0

Check Version:

xfreerdp --version

Verify Fix Applied:

Confirm the version is 3.23.0 or higher with 'xfreerdp --version'
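A shell check that automates the version test from the update instructions above and from this "How to Verify" section, added here as an example rather than anything from the advisory or the FreeRDP project. It assumes only that the banner printed by `xfreerdp --version` contains the version in dotted X.Y.Z form, and it compares fields numerically so that a version such as 3.100.0 is not misread as older than 3.23.0.

```shell
#!/bin/sh
# Fixed version from the advisory: FreeRDP X11 client builds before 3.23.0 are affected.
FIXED_VERSION="3.23.0"

# Pull the first X.Y.Z version out of a banner line.
# Assumption: the banner printed by `xfreerdp --version` contains the version
# in dotted form (the exact wording of that banner is not given in the advisory).
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Compare two dotted versions field by field (numerically, not as strings,
# so 3.100.0 sorts above 3.23.0). Prints -1, 0 or 1.
version_cmp() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$1" | cut -d. -f"$i")
        y=$(printf '%s' "$2" | cut -d. -f"$i")
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return; fi
        i=$((i + 1))
    done
    printf '%s\n' 0
}

# Exit status 0 when the banner reports an affected version, 1 when it is
# fixed, 2 when no version could be parsed (do not treat 2 as "safe").
freerdp_is_vulnerable() {
    v=$(extract_version "$1")
    [ -n "$v" ] || return 2
    [ "$(version_cmp "$v" "$FIXED_VERSION")" -lt 0 ]
}

# Check the locally installed client when one is present; otherwise fall back
# to a constructed banner so the script also runs on a machine without xfreerdp.
if command -v xfreerdp >/dev/null 2>&1; then
    banner=$(xfreerdp --version 2>&1 || true)
else
    banner="This is FreeRDP version 3.22.0 (constructed sample banner)"
fi
rc=0; freerdp_is_vulnerable "$banner" || rc=$?
case $rc in
    0) echo "VULNERABLE: $(extract_version "$banner") < $FIXED_VERSION; update to $FIXED_VERSION or later" ;;
    2) echo "UNKNOWN: could not parse a version from: $banner" ;;
    *) echo "OK: $(extract_version "$banner") >= $FIXED_VERSION" ;;
esac
```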

📡 Detection & Monitoring

Log Indicators:

  • FreeRDP segmentation faults or crashes
  • Unexpected FreeRDP process termination
  • System logs showing memory access violations

Network Indicators:

  • RDP connections to untrusted or suspicious servers
  • Unusual RDPGFX channel activity

SIEM Query:

process.name:"xfreerdp" AND (event.action:"segmentation_fault" OR event.action:"crash")
