Platform: windows
Component: remote-desktop-client
Fixed in: 1.2.6017.0, 10.0.10240.20947, 10.0.14393.7876, 10.0.17763.7009, 10.0.19044.5608, 10.0.19045.5608, 10.0.22621.5039, 10.0.22631.5039, 10.0.26100.3476, 2.0.365.0, 6.1.7601.27618, 6.0.6003.23168, 6.2.9200.25368, 6.3.9600.22470, 10.0.20348.3328, 10.0.25398.1486
CVE-2025-26645 describes a Remote Code Execution (RCE) vulnerability within the Remote Desktop Client. This flaw stems from a relative path traversal issue, enabling an attacker to potentially execute arbitrary code over a network connection. The vulnerability impacts versions 1.2.0.0 through 10.0.26100.3476 of the Remote Desktop Client, and a patch is available.
The impact of CVE-2025-26645 is significant due to its RCE nature. A successful exploit allows an attacker to execute code on the affected system with the privileges of the Remote Desktop Client process. This could lead to complete system compromise, data theft, and lateral movement within the network. Attackers could leverage this vulnerability to install malware, steal sensitive information, or gain persistent access to the compromised machine. The network-based nature of the exploit means an attacker does not need local access to initiate the attack, expanding the potential attack surface.
CVE-2025-26645 was publicly disclosed on March 11, 2025. The vulnerability's nature, involving a path traversal and RCE, raises concerns about potential exploitation, although no public exploits were immediately available at the time of disclosure. The EPSS score is likely to be medium, given the potential for remote exploitation and the severity of RCE. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
EPSS: 0.31% (54% percentile)
The primary mitigation for CVE-2025-26645 is to upgrade the Remote Desktop Client to version 10.0.26100.3476 or later. If immediate upgrading is not feasible, consider implementing network segmentation to limit the potential blast radius of a successful exploit. Restrict network access to the Remote Desktop Client service to only authorized users and systems. Monitor network traffic for suspicious connections or attempts to access unusual file paths. While a direct workaround is unavailable, strict firewall rules can help prevent unauthorized access. After upgrading, confirm the fix by attempting to trigger the path traversal vulnerability and verifying that it is no longer exploitable.
Update the Remote Desktop Client to the latest version available from Microsoft. This can be done through Windows Update or by downloading the latest version from the Microsoft website.
CVE-2025-26645 is a Remote Code Execution vulnerability in the Remote Desktop Client allowing attackers to execute code over a network. It affects versions 1.2.0.0–10.0.26100.3476 and has a CVSS score of 8.8 (HIGH).
You are affected if you are using Remote Desktop Client versions between 1.2.0.0 and 10.0.26100.3476. Check your installed version and upgrade if necessary.
Upgrade to Remote Desktop Client version 10.0.26100.3476 or later to patch the vulnerability. Implement network segmentation as a temporary mitigation.
While no public exploits were immediately available at disclosure, the vulnerability's nature suggests potential for exploitation. Monitor threat intelligence feeds for updates.
Refer to the official Microsoft Security Update Guide for CVE-2025-26645 once published.
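One way to run the installed-version check described above, as an added example that is not part of the original advisory or any Microsoft tooling: the PowerShell below compares a Windows build against the 10.0.x "Fixed in" entries listed on this page. It assumes those entries are OS build numbers (the in-box client being serviced with Windows) and uses the hypothetical function names `Test-FixedBuild` and `Get-OsBuild`; the 1.2.x, 2.0.x and 6.x entries are not checked.

```powershell
# Added example: compare a Windows build with the 10.0.x "Fixed in" entries from this page.
# Assumption: those entries are OS builds in major.minor.build.revision form.
$FixedIn = @(
    '10.0.10240.20947', '10.0.14393.7876', '10.0.17763.7009', '10.0.19044.5608',
    '10.0.19045.5608',  '10.0.20348.3328', '10.0.22621.5039', '10.0.22631.5039',
    '10.0.25398.1486',  '10.0.26100.3476'
) | ForEach-Object { [version]$_ }

function Test-FixedBuild {
    param(
        [Parameter(Mandatory)] [version]$Installed,
        [Parameter(Mandatory)] [version[]]$Fixed
    )
    # A fixed entry only applies to the same branch (same major.minor.build).
    $branch = $Fixed | Where-Object {
        $_.Major -eq $Installed.Major -and
        $_.Minor -eq $Installed.Minor -and
        $_.Build -eq $Installed.Build
    } | Select-Object -First 1

    if (-not $branch) { return 'Unknown' }   # branch not listed: consult the vendor advisory
    if ($Installed.Revision -ge $branch.Revision) { return 'Patched' }
    return 'Vulnerable'
}

function Get-OsBuild {
    # Windows 10 / Server 2016 and later expose these registry values;
    # UBR is the revision that changes with each cumulative update.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [version]('{0}.{1}.{2}.{3}' -f $cv.CurrentMajorVersionNumber,
        $cv.CurrentMinorVersionNumber, $cv.CurrentBuildNumber, $cv.UBR)
}

# Constructed sample builds showing the three possible outcomes.
'10.0.19045.5487', '10.0.19045.5608', '10.0.18363.2274' | ForEach-Object {
    '{0,-18} {1}' -f $_, (Test-FixedBuild -Installed $_ -Fixed $FixedIn)
}

# Live check of the local host (runs only on Windows).
if ($env:OS -eq 'Windows_NT') {
    $build = Get-OsBuild
    '{0,-18} {1}  (this host)' -f $build, (Test-FixedBuild -Installed $build -Fixed $FixedIn)
}
```

A result of `Unknown` means the host's branch is not among the entries compared here, not that the host is safe.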