Remote Code Execution Vulnerability in Windows Remote Desktop Gateway Service
CVE-2025-29831

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022; Windows Server 2025 (server Core Installation)
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-29831?

A vulnerability exists in the Windows Remote Desktop Gateway Service that enables unauthorized attackers to execute arbitrary code via specially crafted network requests. This flaw stems from improper handling of certain operation states, making it critical for users to apply security updates and patches promptly to mitigate potential exploits.

Affected Version(s)

Windows Server 2008 R2 Service Pack 1 (Server Core installation) x64-based Systems 6.1.7601.0 < 6.1.7601.27729

Windows Server 2008 R2 Service Pack 1 x64-based Systems 6.1.7601.0 < 6.1.7601.27729

Windows Server 2012 (Server Core installation) x64-based Systems 6.2.9200.0 < 6.2.9200.25475

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Mar 11, 2025

Microsoft

What is CVE-2025-29831?

Affected Version(s)

References

CVSS V3.1

Timeline