MSRC compact vulnerability detail

CVE-2025-58718 · Remote Desktop Client Remote Code Execution Vulnerability

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Severity
Important
Impact
Remote Code Execution
CVSS
8.8 base · 7.7 temporal
Release
2025-10-14
Signals
Remote Desktop Client · Remote Code Execution · Exploited: No · Publicly disclosed: No · Exploitability: Exploitation Less Likely
CWE
Description
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
FAQ / Articles
FAQ
How could an attacker exploit this vulnerability?

An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.
Mitigation
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:

Port redirection must be enabled for this attack to be successful. This feature is disabled by default.