CVE-2025-58737: Remote Desktop Protocol Remote Code Execution Vulnerability

Overview

Severity

High (CVSS 7)

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Unlikely

Patch Tuesday

2025-Oct

Released

2025-10-14

EPSS Score

0.06% (percentile: 18.6%)

Description

Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

Affected Products (11)

Windows

• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows Server 2025 (Server Core installation)
• Windows Server 2022, 23H2 Edition (Server Core installation)
• Windows Server 2025
• Windows Server 2016
• Windows Server 2016 (Server Core installation)

ESU

• Windows Server 2012 R2
• Windows Server 2012 R2 (Server Core installation)

Security Updates (6)

• 5066586
• 5066782
• 5066835
• 5066780
• 5066836
• 5066873

Acknowledgments

Zhiniang Peng with HUST & R4nger with CyberKunLun

Revision History

• 2025-10-14: Information published.