Microsoft has addressed a critical security flaw in the Windows Remote Desktop Client that could allow attackers to execute arbitrary code on a user’s system. The issue, identified as CVE-2025-58718, was disclosed on October 14, 2025, and rated as Important in severity. Although no active exploitation has been reported, cybersecurity researchers warn that the flaw poses a serious threat to systems relying on remote connections.
Understanding the Vulnerability
The vulnerability arises from a use-after-free memory error within the Remote Desktop Client, a key component that enables users to connect to remote computers. An attacker could exploit this flaw by creating a malicious RDP server and convincing a victim to connect to it, potentially triggering the exploit.
Once the victim initiates the connection, the crafted server could execute malicious code within the context of the connected user. This could allow attackers to gain full control of the affected system, manipulate files, install malware, or exfiltrate sensitive data.
Attack Scenario and Technical Details
The attack requires user interaction, such as clicking a deceptive link or approving a fake RDP session. However, it does not require any special privileges from the attacker, making it easier to attempt in phishing or social engineering campaigns.
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
| Exploit Maturity | Unproven |
The Common Vulnerability Scoring System (CVSS) rates this flaw at 8.8 out of 10, indicating a high-risk level due to its potential impact on confidentiality, integrity, and availability.
While Microsoft categorized the likelihood of exploitation as “less likely”, this is primarily because the attack relies on port redirection, which remains disabled by default on most systems.
Mitigation and Security Recommendations
Microsoft urges all users to install the October 2025 Patch Tuesday updates immediately to eliminate the vulnerability.
To further reduce risk, users and organizations should:
- Enable automatic updates to ensure systems remain protected.
- Avoid connecting to unverified or untrusted RDP servers.
- Segment networks to limit remote access exposure.
- Train employees to recognize phishing and deceptive connection requests.
