CVE-2025-27480
published 2025-04-08CVE-2025-27480: Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.25423 | 6.2.9200.25423 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.22523 | 6.3.9600.22523 |
| microsoft | windows_server_2016 | < 10.0.14393.7969 | 10.0.14393.7969 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7969 | 10.0.14393.7969 |
| microsoft | windows_server_2019 | < 10.0.17763.7136 | 10.0.17763.7136 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7136 | 10.0.17763.7136 |
| microsoft | windows_server_2022 | < 10.0.20348.3453 | 10.0.20348.3453 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.3453 | 10.0.20348.3453 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1551 | 10.0.25398.1551 |
| microsoft | windows_server_2025 | < 10.0.26100.3775 | 10.0.26100.3775 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.3775 | 10.0.26100.3775 |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
| msrc | windows_server_2025 | — | — |
GHSA
GHSA-79xr-cjjw-p6f2: Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network
ghsa_unreviewed·2025-04-08
CVE-2025-27480 [HIGH] CWE-416 GHSA-79xr-cjjw-p6f2: Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
Microsoft
Windows Remote Desktop Services Remote Code Execution Vulnerability
vendor_msrc·2025-04-08·CVSS 8.1
CVE-2025-27480 [HIGH] CWE-416 Windows Remote Desktop Services Remote Code Execution Vulnerability
Windows Remote Desktop Services Remote Code Execution Vulnerability
Description: Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
FAQ: How could an attacker exploit this vulnerability?
An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
Remote Desktop Gateway Service: Remote Desktop Gateway Service
Microsoft: Microsoft
No detection rules found.
No public exploits indexed.
Krebs
Patch Tuesday, April 2025 Edition
blogs_krebs·2025-04-09·CVSS 8.1
CVE-2025-29824 [HIGH] Patch Tuesday, April 2025 Edition
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users.
The zero-day flaw already seeing exploitation is CVE-2025-29824, a local elevation of privilege bug in the Windows Common Log File System (CLFS) driver. Microsoft rates it as “important,” but as Chris Goettl from Ivanti points out, risk-based prioritization warrants treating it as critical.
This CLFS component of Windows is no stranger to Patch Tuesday: According to Tenable’s Satnam Narang, since 2022 Microsoft has patched 32 CLFS vuln
Krebs
Patch Tuesday, April 2025 Edition
blogs_krebs·2025-04-09·CVSS 8.1
CVE-2025-29824 [HIGH] Patch Tuesday, April 2025 Edition
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users.
The zero-day flaw already seeing exploitation is CVE-2025-29824 , a local elevation of privilege bug in the Windows Common Log File System (CLFS) driver. Microsoft rates it as “important,” but as Chris Goettl from Ivanti points out, risk-based prioritization warrants treating it as critical.
This CLFS component of Windows is no stranger to Patch Tuesday: According to Tenable’s Satnam Narang , since 2022 Microsoft has patched 32 CLFS vu
Talos
Microsoft Patch Tuesday for April 2025 — Snort rules and prominent vulnerabilities
blogs_talos·2025-04-08·CVSS 8.1
[HIGH] Microsoft Patch Tuesday for April 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for April of 2025 which includes 126 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”.
In this month's release, none of the included vulnerabilities have been observed by Microsoft to be exploited in the wild. The eleven "critical” entries are all remote code execution (RCE) vulnerabilities, four of which have been marked as "Exploitation more likely".
Two of the “critical” vulnerabilities listed affect components of the Windows Remote Desktop Services.
CVE-2025-27480 and CVE-2025-27482 are RCE vulnerabilities in components of the Remote Desktop Gateway Service. Both vulnerabilities were given a CVSS 3.1 score of 8.1. To successfully exploit these an attacker could connect to a system with
Talos
Microsoft Patch Tuesday for April 2025 — Snort rules and prominent vulnerabilities
blogs_talos·2025-04-08·CVSS 8.1
[HIGH] Microsoft Patch Tuesday for April 2025 — Snort rules and prominent vulnerabilities
## Microsoft Patch Tuesday for April 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for April of 2025 which includes 126 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”.
In this month's release, none of the included vulnerabilities have been observed by Microsoft to be exploited in the wild. The eleven "critical” entries are all remote code execution (RCE) vulnerabilities, four of which have been marked as "Exploitation more likely".
Two of the “critical” vulnerabilities listed affect components of the Windows Remote Desktop Services.
CVE-2025-27480 and CVE-2025-27482 are RCE vulnerabilities in components of the Remote Desktop Gateway Service. Both vulnerabilities were given a CVSS 3.1
Qualys
Microsoft and Adobe Patch Tuesday, April 2025 Security Update Review | Qualys
blogs_qualys·2025-04-08
Microsoft and Adobe Patch Tuesday, April 2025 Security Update Review | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for April 2025
- Adobe Patches for April 2025
- Zero-day Vulnerabilities Patched in April Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in April Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
- Rapid Response withPatch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
- Qualys Monthly Webinar Series
Microsoft’s April 2025 Patch Tuesday has arrived, delivering critical security updates and fixes across the various products, features, and roles. Here’s a quick breakdown of what you need to know.
## Microsoft Patch Tuesday for April 2025
In this m
Tenable
Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824)
blogs_tenable·2025-04-08·CVSS 7.8
[HIGH] Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bleepingcomputer
Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws
blogs_bleepingcomputer·2025-04-08·CVSS 7.8
[HIGH] Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws
## Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws
## Lawrence Abrams
49 Elevation of Privilege Vulnerabilities
9 Security Feature Bypass Vulnerabilities
31 Remote Code Execution Vulnerabilities
17 Information Disclosure Vulnerabilities
14 Denial of Service Vulnerabilities
3 Spoofing Vulnerabilities
The above numbers do not include Mariner flaws and 13 Microsoft Edge vulnerabilities fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5055523 & KB5055528 cumulative updates and the Windows 10 KB5055518 update .
## One actively exploited zero-days
This month's Patch Tuesday fixes one actively exploited zero-day. Microsoft classifies a zero-day flaw as publicly disclos
Qualys
Microsoft and Adobe Patch Tuesday, April 2025 Security Update Review
blogs_qualys·2025-04-08
Microsoft and Adobe Patch Tuesday, April 2025 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for April 2025
Adobe Patches for April 2025
Zero-day Vulnerabilities Patched in April Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in April Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
Rapid Response withPatch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
Qualys Monthly Webinar Series
Microsoft’s April 2025 Patch Tuesday has arrived, delivering critical security updates and fixes across the various products, features, and roles. Here’s a quick breakdown of what you need to know.
## Microsoft Patch Tuesday for April 2025
In this month’s Patch
Crowdstrike
April 2025 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] April 2025 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
2025-04-08
Published