Platform
windows
Component
remote-desktop-client
Fixed in
1.2.6017.0
10.0.10240.20947
10.0.14393.7876
10.0.17763.7009
10.0.19044.5608
10.0.19045.5608
10.0.22621.5039
10.0.22631.5039
10.0.22631.5039
10.0.26100.3476
2.0.365.0
6.1.7601.27618
6.1.7601.27618
6.0.6003.23168
6.0.6003.23168
6.2.9200.25368
6.2.9200.25368
6.3.9600.22470
6.3.9600.22470
10.0.14393.7876
10.0.14393.7876
10.0.17763.7009
10.0.17763.7009
10.0.20348.3328
10.0.25398.1486
10.0.26100.3476
10.0.26100.3476
CVE-2025-26645 describes a Remote Code Execution (RCE) vulnerability within the Remote Desktop Client. This flaw stems from a relative path traversal issue, enabling an attacker to potentially execute arbitrary code over a network connection. The vulnerability impacts versions 1.2.0.0 through 10.0.26100.3476 of the Remote Desktop Client, and a patch is available.
The impact of CVE-2025-26645 is significant due to its RCE nature. A successful exploit allows an attacker to execute code on the affected system with the privileges of the Remote Desktop Client process. This could lead to complete system compromise, data theft, and lateral movement within the network. Attackers could leverage this vulnerability to install malware, steal sensitive information, or gain persistent access to the compromised machine. The network-based nature of the exploit means an attacker does not need local access to initiate the attack, expanding the potential attack surface.
CVE-2025-26645 was publicly disclosed on March 11, 2025. The vulnerability's nature, involving a path traversal and RCE, raises concerns about potential exploitation, although no public exploits were immediately available at the time of disclosure. The EPSS score is likely to be medium, given the potential for remote exploitation and the severity of RCE. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations heavily reliant on Remote Desktop Client for remote access to Windows systems are particularly at risk. Environments with legacy systems running older, unpatched versions of the client are also vulnerable. Shared hosting environments where multiple users share the same Remote Desktop Client installation should be prioritized for patching.
• windows / supply-chain:
Get-Process -Name RemoteDesktopClient | Select-Object -ExpandProperty Path
• windows / supply-chain:
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } -MaxEvents 10 | Where-Object { $_.Message -match 'RemoteDesktopClient' }
• windows / supply-chain:
reg query "HKLM\SOFTWARE\Microsoft\RemoteDesktopClient" /v Version
Exploit status
EPSS
0.31% (54th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-26645 is to upgrade the Remote Desktop Client to version 10.0.26100.3476 or later. If immediate upgrading is not feasible, consider implementing network segmentation to limit the potential blast radius of a successful exploit. Restrict network access to the Remote Desktop Client service to only authorized users and systems. Monitor network traffic for suspicious connections or attempts to access unusual file paths. While a direct workaround is unavailable, strict firewall rules can help prevent unauthorized access. After upgrading, confirm the fix by attempting to trigger the path traversal vulnerability and verifying that it is no longer exploitable.
Update the Remote Desktop client to the latest available version provided by Microsoft. This can be done through Windows Update or by downloading the most recent version from the Microsoft website.
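The "Fixed in" list near the top of the page gives a different fixed build for each branch, so a patch check has to compare a build against the entry for its own branch rather than against one number. The following is an added PowerShell example, not code from the original page or from Microsoft. It assumes a build in a listed branch is patched once it is at or above that branch's fixed build; the function names and the sample inventory values are constructed for illustration.

```powershell
# Added example: triage builds against the "Fixed in" list from this page.
# Function names are hypothetical; the sample builds at the bottom are constructed.
$FixedIn = @(
    '1.2.6017.0', '2.0.365.0', '6.0.6003.23168', '6.1.7601.27618',
    '6.2.9200.25368', '6.3.9600.22470', '10.0.10240.20947', '10.0.14393.7876',
    '10.0.17763.7009', '10.0.19044.5608', '10.0.19045.5608', '10.0.20348.3328',
    '10.0.22621.5039', '10.0.22631.5039', '10.0.25398.1486', '10.0.26100.3476'
) | ForEach-Object { [version]$_ }

function Get-BranchKey([version]$v) {
    # Assumption: 1.x/2.x lines are keyed by major.minor, OS builds by major.minor.build.
    if ($v.Major -lt 6) { '{0}.{1}' -f $v.Major, $v.Minor }
    else { '{0}.{1}.{2}' -f $v.Major, $v.Minor, $v.Build }
}

function Test-Cve202526645Build {
    param([Parameter(Mandatory)][string]$Build)
    $parsed = $null
    if (-not [version]::TryParse($Build, [ref]$parsed)) {
        return [pscustomobject]@{ Build = $Build; FixedIn = $null; Status = 'Unparseable' }
    }
    $key = Get-BranchKey $parsed
    $fix = $FixedIn | Where-Object { (Get-BranchKey $_) -eq $key } | Select-Object -First 1
    if (-not $fix) {
        # Branch is not on the page's list: do not guess, flag for manual review.
        return [pscustomobject]@{ Build = $Build; FixedIn = $null; Status = 'UnknownBranch' }
    }
    $status = if ($parsed -ge $fix) { 'Patched' } else { 'Vulnerable' }
    [pscustomobject]@{ Build = $Build; FixedIn = $fix.ToString(); Status = $status }
}

# Constructed inventory rows (not real hosts).
'10.0.19045.5487', '10.0.19045.5608', '10.0.26100.3194', '6.3.9600.22470',
'1.2.5910.0', '10.0.19041.1', 'n/a' |
    ForEach-Object { Test-Cve202526645Build -Build $_ } |
    Format-Table -AutoSize
```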
CVE-2025-26645 is a Remote Code Execution vulnerability in the Remote Desktop Client allowing attackers to execute code over a network. It affects versions 1.2.0.0–10.0.26100.3476 and has a CVSS score of 8.8 (HIGH).
You are affected if you are using Remote Desktop Client versions between 1.2.0.0 and 10.0.26100.3476. Check your installed version and upgrade if necessary.
Upgrade to Remote Desktop Client version 10.0.26100.3476 or later to patch the vulnerability. Implement network segmentation as a temporary mitigation.
While no public exploits were immediately available at disclosure, the vulnerability's nature suggests potential for exploitation. Monitor threat intelligence feeds for updates.
Refer to the official Microsoft Security Update Guide for CVE-2025-26645 once published.