CVE-2025-32715

CWE-125Out-of-bounds ReadCWE-444HTTP Request Smuggling5 documents4 sources
Severity
6.5MEDIUM
EPSS
2.1%
top 16.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
36
Microsoft Remote Desktop Client FOR Windows DesktopMicrosoft Windows 10 Version 1507Microsoft Windows 10 Version 1607+33 more
Timeline
PublishedJun 10

Description

Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages35 packages

CVEListV5microsoft/remote_desktop_client_for_windows_desktop1.2.0.01.2.6278.0
NVDmicrosoft/windows< 10.0.14393.8148+5
NVDmicrosoft/windows_app< 2.0.505.0

🔴Vulnerability Details

2
GHSA
GHSA-ggm3-fwfv-cfp9: Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network2025-06-10
CVEList
Remote Desktop Protocol Client Information Disclosure Vulnerability2025-06-10

📋Vendor Advisories

2
Microsoft
Remote Desktop Protocol Client Information Disclosure Vulnerability2025-06-10
Microsoft
Lenient Parsing of Content-Length Header When Prefixed with Plus Sign2021-07-13