CVE-2025-29966

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write4 documents4 sources
Severity
8.8HIGH
EPSS
2.6%
top 14.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
36
Microsoft Remote Desktop Client FOR Windows DesktopMicrosoft Windows 10 Version 1507Microsoft Windows 10 Version 1607+33 more
Timeline
PublishedMay 13

Description

Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages35 packages

CVEListV5microsoft/remote_desktop_client_for_windows_desktop1.2.0.01.2.6228.0
NVDmicrosoft/remote_desktop< 1.2.6228.0
NVDmicrosoft/windows< 10.0.14393.8066+5
NVDmicrosoft/windows_app< 2.0.420

🔴Vulnerability Details

2
CVEList
Remote Desktop Client Remote Code Execution Vulnerability2025-05-13
GHSA
GHSA-2j86-v657-3w4j: Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network2025-05-13

📋Vendor Advisories

1
Microsoft
Remote Desktop Client Remote Code Execution Vulnerability2025-05-13