Remote Code Execution Vulnerability in Windows Remote Desktop Gateway Service
CVE-2025-29831

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Windows Server 2025 (server Core Installation)
Vendor
CVE Published:
13 May 2025

Badges

๐Ÿ“ฐ News Worthy

What is CVE-2025-29831?

A vulnerability exists in the Windows Remote Desktop Gateway Service that enables unauthorized attackers to execute arbitrary code via specially crafted network requests. This flaw stems from improper handling of certain operation states, making it critical for users to apply security updates and patches promptly to mitigate potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Windows Server 2008 R2 Service Pack 1 (Server Core installation) x64-based Systems 6.1.7601.0 < 6.1.7601.27729

Windows Server 2008 R2 Service Pack 1 x64-based Systems 6.1.7601.0 < 6.1.7601.27729

Windows Server 2012 (Server Core installation) x64-based Systems 6.2.9200.0 < 6.2.9200.25475

News Articles

favicon imageGBHackers News

Critical Vulnerability in Windows Remote Desktop Gateway Allows Denial-of-Service Attacks.

Microsoft has disclosed two critical vulnerabilities in its RDG service, posing significant risks to organizational networks.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • ๐Ÿ“ฐ

    First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved

JSON
.