CVE-2025-27487 | THREATINT

Home

Description

Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.

PUBLISHED Reserved 2025-02-26 | Published 2025-04-08 | Updated 2026-02-13 | Assigner microsoft

HIGH: 8.0CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-122: Heap-based Buffer Overflow

Product status

1.2.0.0 (custom) before 1.2.6081.0

affected

10.0.10240.0 (custom) before 10.0.10240.20978

affected

10.0.14393.0 (custom) before 10.0.14393.7969

affected

10.0.17763.0 (custom) before 10.0.17763.7136

affected

10.0.19044.0 (custom) before 10.0.19044.5737

affected

10.0.19045.0 (custom) before 10.0.19045.5737

affected

10.0.22621.0 (custom) before 10.0.22621.5189

affected

10.0.22631.0 (custom) before 10.0.22631.5189

affected

10.0.22631.0 (custom) before 10.0.22631.5189

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

1.00 (custom) before 2.0.379.0

affected

6.1.7601.0 (custom) before 6.1.7601.27670

affected

6.1.7601.0 (custom) before 6.1.7601.27670

affected

6.2.9200.0 (custom) before 6.2.9200.25423

affected

6.2.9200.0 (custom) before 6.2.9200.25423

affected

6.3.9600.0 (custom) before 6.3.9600.22523

affected

6.3.9600.0 (custom) before 6.3.9600.22523

affected

10.0.14393.0 (custom) before 10.0.14393.7969

affected

10.0.14393.0 (custom) before 10.0.14393.7969

affected

10.0.17763.0 (custom) before 10.0.17763.7136

affected

10.0.17763.0 (custom) before 10.0.17763.7136

affected

10.0.20348.0 (custom) before 10.0.20348.3453

affected

10.0.25398.0 (custom) before 10.0.25398.1551

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27487 (Remote Desktop Client Remote Code Execution Vulnerability) vendor-advisory patch

cve.org (CVE-2025-27487)

nvd.nist.gov (CVE-2025-27487)

Download JSON