CVE-2025-58737
published 2025-10-14CVE-2025-58737: Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.
high7CVSS 3.1
AVLACHPRNUIRSUCHIHAH
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.22824 | 6.3.9600.22824 |
| microsoft | windows_server_2016 | <= 10.0.14393.8519 | — |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.8519 | 10.0.14393.8519 |
| microsoft | windows_server_2019 | < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_server_2022 | < 10.0.20348.4294 | 10.0.20348.4294 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4294 | 10.0.20348.4294 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1913 | 10.0.25398.1913 |
| microsoft | windows_server_2025 | <= 10.0.26100.6899 | — |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.6899 | 10.0.26100.6899 |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
| msrc | windows_server_2025 | — | — |