CVE-2025-26677: Uncontrolled Resource Consumption in Microsoft Windows Server 2016

Severity: 7.5 HIGH (NVD)
EPSS: 35.9% (top 2.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 13

Description

Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (5 packages)

NVD | microsoft/windows | < 10.0.14393.8066 | +4
CVEListV5 | microsoft/windows_server_2016 | 10.0.14393.0 | 10.0.14393.8066
CVEListV5 | microsoft/windows_server_2019 | 10.0.17763.0 | 10.0.17763.7314
CVEListV5 | microsoft/windows_server_2022 | 10.0.20348.0 | 10.0.20348.3692
CVEListV5 | microsoft/windows_server_2025 | 10.0.26100.0 | 10.0.26100.4061

🔴 Vulnerability Details (2)

CVEList | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | 2025-05-13
GHSA | GHSA-p9jx-jr54-2xq2: Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network | 2025-05-13

📋 Vendor Advisories (2)

Microsoft | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | 2025-05-13
Microsoft | rxrpc: Fix delayed ACKs to not set the reference serial number | 2024-04-09

🕵️ Threat Intelligence (1)

Bleepingcomputer | Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws | 2025-05-13