Denial of Service in Remote Desktop Gateway Service by Microsoft
CVE-2025-30394

5.9MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022; Windows Server 2025 (server Core Installation)
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-30394?

An identified vulnerability within the Remote Desktop Gateway Service presents a risk of unauthorized access due to sensitive data being stored in improperly locked memory. This flaw can potentially allow attackers to execute denial-of-service attacks over a network, compromising the availability of the service. Proper security measures and timely updates are essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

Windows Server 2012 (Server Core installation) x64-based Systems 6.2.9200.0 < 6.2.9200.25475

Windows Server 2012 R2 (Server Core installation) x64-based Systems 6.3.9600.0 < 6.3.9600.22577

Windows Server 2012 R2 x64-based Systems 6.3.9600.0 < 6.3.9600.22577

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Mar 21, 2025