Platform: windows
Component: remote-desktop-client
Fixed in:
1.2.6353.0
10.0.10240.21073
10.0.14393.8246
10.0.17763.7558
10.0.19044.6093
10.0.19045.6093
10.0.22621.5624
10.0.22631.5624
10.0.26100.4652
CVE-2025-48817 describes a Remote Code Execution (RCE) vulnerability within the Remote Desktop Client. This flaw stems from a relative path traversal issue, enabling an attacker to potentially execute arbitrary code over a network connection. The vulnerability impacts versions ranging from 1.2.0.0 through 10.0.26100.4652. A patch is available, resolving this critical security concern.
The impact of CVE-2025-48817 is significant due to its RCE nature. An attacker exploiting this vulnerability could gain complete control over the affected system, potentially leading to data theft, system compromise, and lateral movement within the network. Successful exploitation requires network access to the vulnerable Remote Desktop Client instance. The attacker could leverage this foothold to install malware, steal sensitive information, or disrupt operations. This vulnerability shares similarities with other path traversal exploits, where attackers manipulate file paths to access unauthorized resources.
CVE-2025-48817 was publicly disclosed on 2025-07-08. The EPSS score is pending evaluation. Currently, there are no publicly available proof-of-concept exploits, but the nature of the vulnerability suggests that one could be developed relatively easily. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
Organizations heavily reliant on Remote Desktop Client for remote access are particularly at risk. Environments with legacy systems running older, vulnerable versions of the client are also highly susceptible. Shared hosting environments where multiple users share the same Remote Desktop Client installation should be prioritized for patching.
• windows / supply-chain:
  Get-Process -Name rdpclip | Stop-Process -Force
• windows / supply-chain:
  Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Microsoft-Windows-RemoteDesktopServices']]]" | Where-Object {$_.Message -match 'PathTraversal'}
• windows / supply-chain: Check Autoruns for suspicious entries related to Remote Desktop Client or its components.
• windows / supply-chain: Use Sysinternals Process Monitor to monitor file access attempts by Remote Desktop Client, looking for attempts to access files outside the expected directory.
EPSS: 0.07% (20th percentile)
The primary mitigation for CVE-2025-48817 is to upgrade the Remote Desktop Client to version 10.0.26100.4652 or later. If immediate upgrading is not feasible, consider implementing network segmentation to restrict access to the Remote Desktop Client. While a direct WAF rule is unlikely to be effective against this path traversal, strict input validation on any data sent to the client could offer a layer of defense. Monitor network traffic for suspicious connections or file access attempts originating from unexpected sources. After upgrading, confirm the fix by attempting a path traversal attack and verifying that access is denied.
Update the Remote Desktop client to the latest available version provided by Microsoft. This can be done through Windows Update or by downloading the latest version from the Microsoft website.
CVE-2025-48817 is a Remote Code Execution vulnerability in the Remote Desktop Client allowing attackers to execute code over a network. It has a CVSS score of 8.8 (HIGH).
You are affected if you are using Remote Desktop Client versions 1.2.0.0–10.0.26100.4652. Check your installed version against the affected range.
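One way to run that version check, as an added example that is not code from Microsoft or from this page: a PowerShell helper that compares a version against the per-branch "Fixed in" builds listed at the top of the page and reports branches the list does not cover. The helper name `Test-RdcFixLevel` and the sample versions are constructed for illustration, and reading the 10.0.x entries as OS build numbers is an assumption.

```powershell
# Added example. Fixed builds are copied from the "Fixed in" list on this page.
$FixedBuilds = @(
    '1.2.6353.0',
    '10.0.10240.21073', '10.0.14393.8246', '10.0.17763.7558',
    '10.0.19044.6093',  '10.0.19045.6093', '10.0.22621.5624',
    '10.0.22631.5624',  '10.0.26100.4652'
) | ForEach-Object { [version]$_ }

function Test-RdcFixLevel {   # hypothetical helper name
    param([Parameter(Mandatory)][version]$Installed)

    # Pick the fixed build for the same servicing branch: Major.Minor.Build
    # for 10.0.x entries, Major.Minor for the standalone 1.2.x client.
    $fix = $FixedBuilds | Where-Object {
        $_.Major -eq $Installed.Major -and $_.Minor -eq $Installed.Minor -and
        ($Installed.Major -ne 10 -or $_.Build -eq $Installed.Build)
    } | Select-Object -First 1

    if (-not $fix) { return 'Unknown' }     # branch not in the page's list
    if ($Installed -ge $fix) { 'Fixed' } else { 'Vulnerable' }
}

# Constructed sample versions, one per outcome.
foreach ($v in '10.0.19045.5965', '10.0.26100.4652', '1.2.6074.0', '10.0.22000.3000') {
    '{0,-18} {1}' -f $v, (Test-RdcFixLevel $v)
}

# Local OS build (assumption: the 10.0.x entries are OS build numbers, read
# here from CurrentBuildNumber and UBR in the registry).
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$os = [version]('10.0.{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR)
'{0,-18} {1}' -f $os, (Test-RdcFixLevel $os)
```

An `Unknown` result means the installed branch has no entry in the page's list, so its patch level has to be confirmed against the vendor advisory rather than inferred.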
Upgrade to version 10.0.26100.4652 or later to resolve the vulnerability. If immediate upgrade isn't possible, implement network segmentation.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's nature suggests potential for exploitation.
Refer to the official Microsoft Security Update Guide for CVE-2025-48817 when available.