CVE-2025-29967

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

8.8HIGH

EPSS

2.6%

top 14.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Remote Desktop Client FOR Windows Desktop Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 +31 more

Timeline

PublishedMay 13

Description

Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages33 packages

▶CVEListV5microsoft/remote_desktop_client_for_windows_desktop1.2.0.0 — 1.2.6228.0

▶CVEListV5microsoft/windows_server_2008_r2_service_pack_16.1.7601.0 — 6.1.7601.27729

▶CVEListV5microsoft/windows_app_client_for_windows_desktop1.00 — 2.0.420

▶CVEListV5microsoft/windows_server_2008_r2_service_pack_1_(server_core_installation)6.1.7601.0 — 6.1.7601.27729

▶NVDmicrosoft/windows< 10.0.14393.8066+5

🔴Vulnerability Details

CVEList

Remote Desktop Client Remote Code Execution Vulnerability↗2025-05-13

▶

GHSA

GHSA-938p-4c9x-3mpw: Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network↗2025-05-13

▶

📋Vendor Advisories

Microsoft

Remote Desktop Client Remote Code Execution Vulnerability↗2025-05-13

▶