CVE-2025-24035
HIGHDescription
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| microsoft | windows_10_1507 |
| microsoft | windows_10_1507 |
| microsoft | windows_10_1607 |
| microsoft | windows_10_1607 |
| microsoft | windows_10_1809 |
| microsoft | windows_10_1809 |
| microsoft | windows_10_21h2 |
| microsoft | windows_10_22h2 |
| microsoft | windows_11_22h2 |
| microsoft | windows_11_23h2 |
| microsoft | windows_11_24h2 |
| microsoft | windows_server_2008 |
| microsoft | windows_server_2008 |
| microsoft | windows_server_2008 |
| microsoft | windows_server_2012 |
| microsoft | windows_server_2012 |
| microsoft | windows_server_2016 |
| microsoft | windows_server_2019 |
| microsoft | windows_server_2022 |
| microsoft | windows_server_2022_23h2 |
| microsoft | windows_server_2025 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-24035? +
How severe is CVE-2025-24035? +
What products are affected by CVE-2025-24035? +
How do I check if I'm vulnerable to CVE-2025-24035? +
Related Vulnerabilities
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over …
Windows Remote Desktop Services Remote Code Execution Vulnerability
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
Microsoft Digest Authentication Remote Code Execution Vulnerability
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.