Information Disclosure via Out-of-Bounds Read in Remote Desktop Client
CVE-2025-32715

6.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows App Client For Windows Desktop; Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation)
Vendor: CVE Published:; 10 June 2025

What is CVE-2025-32715?

The Remote Desktop Client suffers from an out-of-bounds read vulnerability that could allow unauthorized attackers to disclose sensitive information over a network. This issue arises from inadequate input validation, enabling an attacker to exploit this flaw to gain access to protected information transmitted during remote desktop sessions.

Affected Version(s)

Remote Desktop client for Windows Desktop Unknown 1.2.0.0 < 1.2.6278.0

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21034

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8148

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Apr 9, 2025

Microsoft

What is CVE-2025-32715?

Affected Version(s)

References

CVSS V3.1

Timeline