Microsoft Remote Desktop Client vulnerabilities

13 known vulnerabilities affecting microsoft/remote_desktop_client.

Total CVEs

13

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH9MEDIUM4

Vulnerabilities

Page 1 of 1

CVE-2025-58718HIGHCVSS 8.8fixed in 1.2.65992025-10-14

CVE-2025-58718 [HIGH] CWE-416 CVE-2025-58718: Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a netwo Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2025-48817HIGHCVSS 8.8fixed in 1.2.63532025-07-08

CVE-2025-48817 [HIGH] CWE-23 CVE-2025-48817: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code ove Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2025-32715MEDIUMCVSS 6.5fixed in 1.2.62782025-06-10

CVE-2025-32715 [MEDIUM] CWE-125 CVE-2025-32715: Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

CVE-2025-27487HIGHCVSS 8.0fixed in 1.2.60812025-04-08

CVE-2025-27487 [HIGH] CWE-122 CVE-2025-27487: Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code ov Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.

CVE-2025-26645HIGHCVSS 8.8fixed in 1.2.60172025-03-11

CVE-2025-26645 [HIGH] CWE-23 CVE-2025-26645: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code ove Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2024-49105HIGHCVSS 8.4fixed in 1.2.5716.02024-12-12

CVE-2024-49105 [HIGH] CWE-284 CVE-2024-49105: Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability

CVE-2024-38131HIGHCVSS 8.8fixed in 1.2.5560.02024-08-13

CVE-2024-38131 [HIGH] CWE-591 CVE-2024-38131: Clipboard Virtual Channel Extension Remote Code Execution Vulnerability Clipboard Virtual Channel Extension Remote Code Execution Vulnerability

CVE-2023-29362HIGHCVSS 8.8fixed in 1.2.43372023-06-14

CVE-2023-29362 [HIGH] CWE-122 CVE-2023-29362: Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability

CVE-2023-29352MEDIUMCVSS 6.5fixed in 1.2.43372023-06-14

CVE-2023-29352 [MEDIUM] CVE-2023-29352: Windows Remote Desktop Security Feature Bypass Vulnerability Windows Remote Desktop Security Feature Bypass Vulnerability

CVE-2023-28267MEDIUMCVSS 6.5fixed in 1.2.41572023-04-11

CVE-2023-28267 [MEDIUM] CWE-126 CVE-2023-28267: Remote Desktop Protocol Client Information Disclosure Vulnerability Remote Desktop Protocol Client Information Disclosure Vulnerability

CVE-2022-24503MEDIUMCVSS 5.4fixed in 1.2.29252022-03-09

CVE-2022-24503 [MEDIUM] CVE-2022-24503: Remote Desktop Protocol Client Information Disclosure Vulnerability Remote Desktop Protocol Client Information Disclosure Vulnerability

CVE-2021-38665HIGHCVSS 7.4≥ 1.2.1672, < 1.2.26772021-11-10

CVE-2021-38665 [HIGH] CVE-2021-38665: Remote Desktop Protocol Client Information Disclosure Vulnerability Remote Desktop Protocol Client Information Disclosure Vulnerability

CVE-2019-0887HIGHCVSS 8.0fixed in 1.2.26912019-07-15

CVE-2019-0887 [HIGH] CWE-22 CVE-2019-0887: A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.