HIGHCVE-2025-48817CVSS 8.8

CVE-2025-48817: RCE in Remote Desktop Client

Platform

windows

Component

remote-desktop-client

Fixed in

1.2.6353.0

10.0.10240.21073

10.0.14393.8246

10.0.17763.7558

10.0.19044.6093

10.0.19045.6093

10.0.22621.5624

10.0.22631.5624

10.0.26100.4652

AI Confidence: highNVDEPSS 0.1%Reviewed: May 2026

View on NVD

Save

CVE-2025-48817 describes a Remote Code Execution (RCE) vulnerability within the Remote Desktop Client. This flaw stems from a relative path traversal issue, enabling an attacker to potentially execute arbitrary code over a network connection. The vulnerability impacts versions ranging from 1.2.0.0 through 10.0.26100.4652. A patch is available, resolving this critical security concern.

Impact and Attack Scenarios

The impact of CVE-2025-48817 is significant due to its RCE nature. An attacker exploiting this vulnerability could gain complete control over the affected system, potentially leading to data theft, system compromise, and further lateral movement within the network. The relative path traversal allows attackers to manipulate file paths, potentially overwriting critical system files or executing malicious payloads. Successful exploitation could grant an attacker persistent access, enabling them to establish a foothold and exfiltrate sensitive information. This vulnerability shares similarities with other path traversal exploits, where attackers leverage improper input validation to access unauthorized resources.

Exploitation Context

CVE-2025-48817 was publicly disclosed on 2025-07-08. The EPSS score is pending evaluation. Currently, there are no publicly available proof-of-concept exploits, but the nature of the vulnerability suggests that one could be developed relatively easily. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureHigh

EPSS

0.07% (20% percentile)

CISA SSVC

Exploitationnone

Automatableno

Technical Impacttotal

CVSS Vector

Affected Software

Componentremote-desktop-client

VendorMicrosoft

Affected rangeFixed in

1.2.0.0 – 1.2.6352.01.2.6353.0

10.0.10240.0 – 10.0.10240.2107210.0.10240.21073

10.0.14393.0 – 10.0.14393.824510.0.14393.8246

10.0.17763.0 – 10.0.17763.755710.0.17763.7558

10.0.19044.0 – 10.0.19044.609210.0.19044.6093

10.0.19045.0 – 10.0.19045.609210.0.19045.6093

10.0.22621.0 – 10.0.22621.562310.0.22621.5624

10.0.22631.0 – 10.0.22631.562310.0.22631.5624

10.0.26100.0 – 10.0.26100.465110.0.26100.4652

Weakness Classification (CWE)

CWE-23 CWE-284

Timeline

Reserved2025-05-26
Published2025-07-08
Modified2026-02-26
EPSS updated2026-03-23

Mitigation and Workarounds

The primary mitigation for CVE-2025-48817 is to upgrade the Remote Desktop Client to version 10.0.26100.4652 or later. If immediate upgrading is not feasible, consider implementing network segmentation to limit the potential blast radius of a successful attack. While a direct workaround isn't available, restricting network access to the Remote Desktop Client service can reduce the attack surface. Monitor network traffic for unusual connections or file access attempts related to the Remote Desktop Client. After upgrading, verify the fix by attempting to access files outside the intended directory via the Remote Desktop Client – the operation should fail with an access denied error.

How to fix

Actualice el cliente de Escritorio Remoto a la última versión disponible proporcionada por Microsoft. Esto se puede hacer a través de Windows Update o descargando la última versión desde el sitio web de Microsoft.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2025-48817 — RCE in Remote Desktop Client?

CVE-2025-48817 is a Remote Code Execution vulnerability in the Remote Desktop Client allowing attackers to execute code over a network. It has a CVSS score of 8.8 (HIGH).

Am I affected by CVE-2025-48817 in Remote Desktop Client?

You are affected if you are using Remote Desktop Client versions 1.2.0.0–10.0.26100.4652. Check your installed version against the affected range.

How do I fix CVE-2025-48817 in Remote Desktop Client?

Upgrade to version 10.0.26100.4652 or later to resolve the vulnerability. If immediate upgrade isn't possible, implement network segmentation.

Is CVE-2025-48817 being actively exploited?

Currently, there are no confirmed reports of active exploitation, but the vulnerability's nature suggests potential for exploitation.

Where can I find the official Microsoft advisory for CVE-2025-48817?

Refer to the official Microsoft Security Update Guide for CVE-2025-48817 when available.

NextGuard

Vulnerabilities

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan free

Search CVEs

What do these metrics mean?

Attack Vector: Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity: Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required: None — unauthenticated. No login or credentials needed to exploit.
User Interaction: Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope: Unchanged — impact is limited to the vulnerable component itself.
Confidentiality: High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity: High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability: High — complete crash or resource exhaustion. Full denial of service.