
Although no active exploits or public disclosures have emerged yet, Microsoft urges users and IT teams to apply available patches immediately, emphasizing the urgent need to secure systems before any potential widespread attacks materialize
Microsoft has revealed a significant security vulnerability in its Remote Desktop Client that could allow remote attackers to execute arbitrary code on affected systems. Identified as CVE-2025-48817, the flaw has been rated “Important” with a CVSS base score of 8.8, posing a major risk for organizations using Remote Desktop Protocol (RDP) for remote access.
The vulnerability combines relative path traversal (CWE-23) with improper access control (CWE-284) in the Remote Desktop Client infrastructure. It allows a malicious actor operating a rogue RDP server to exploit a connected client device. Crucially, the exploit requires no elevated privileges, but it does require user interaction, such as initiating a connection to the attacker-controlled server.
In practical terms, the attack enables threat actors to reverse the usual client-server security trust model. When an administrative user connects to a malicious RDP server, the vulnerability allows the attacker to escape from intended directory constraints and execute remote code on the user's system, potentially with elevated privileges. The impact spans confidentiality, integrity, and availability, making this a high-risk threat in enterprise environments.
Patches issued, urgent action advised
Microsoft has issued patches to mitigate the vulnerability across a wide range of Windows versions. These include both legacy platforms—like Windows 7 and Windows Server 2008—as well as current editions such as Windows 11 24H2 and Windows Server 2022. The Remote Desktop Client has been updated to version 1.2.6353.0 for Windows Desktop, and to version 2.0.559.0 for the Windows App. Key security updates such as KB5062553 and KB5062552 are now available for deployment.
The CVSS vector string—CVSS:3.1/AV:N/AC:L/PR:
While no active exploitation has been observed yet and no public disclosure of exploit code exists, Microsoft urges all users and IT teams to prioritize patching. The current availability of a patch offers a critical window to secure systems before any potential mass exploitation occurs in the wild.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.