CVE-2025-32710: Windows Remote Desktop Services Remote Code Execution Vulnerability

Overview

Severity

High (CVSS 8.1)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2025-Jun

Released

2025-06-10

EPSS Score

0.71% (percentile: 72.4%)

Description

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.

Detection & Weaponization (1 sources)

Maturity: Exploit

• GitHub PoC: 1 repositories

Affected Products (19)

Windows

• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows Server 2025 (Server Core installation)
• Windows Server 2022, 23H2 Edition (Server Core installation)
• Windows Server 2025
• Windows Server 2016
• Windows Server 2016 (Server Core installation)

ESU

• Windows Server 2008 for 32-bit Systems Service Pack 2
• Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
• Windows Server 2008 for x64-based Systems Service Pack 2
• Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
• Windows Server 2008 R2 for x64-based Systems Service Pack 1
• Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
• Windows Server 2012
• Windows Server 2012 (Server Core installation)
• Windows Server 2012 R2
• Windows Server 2012 R2 (Server Core installation)

Security Updates (13)

• 5058392
• 5058385
• 5058500
• 5058411
• 5058497
• 5058384
• 5058383
• 5061198
• 5058429
• 5058430
• 5058454
• 5058451
• 5058403

Acknowledgments

ʌ!ɔ⊥ojv with Kunlun Lab, SmallerDragon

Revision History

• 2025-06-10: Information published. This CVE was addressed by updates that were released in May 2025, but the CVE was inadvertently omitted from the May 2025 Security Updates. This is an informational change only. Customers who have already installed the May 2025 updates do not need to take any further action.