Heap-Based Out-of-Bounds Read in FreeRDP Certificate Handling on Windows
CVE-2025-68118

6.6 MEDIUM

Key Information:

Vendor

FreeRDP

Status
Vendor
CVE Published:
17 December 2025

What is CVE-2025-68118?

FreeRDP versions prior to 3.20.0 contain a vulnerability in the certificate handling code on Windows platforms. The flaw arises from the use of the Microsoft-specific '_snprintf' function, which does not guarantee NUL termination when the formatted output exceeds the buffer size; here the affected buffers hold certificate cache filenames. If an attacker can control the hostname value, either via server redirection or a crafted RDP file, the filename buffer can be left without a terminating NUL. Subsequent string operations may then read beyond the allocated memory, causing a heap-based out-of-bounds read. Although default configurations typically terminate the connection before sensitive information can be accessed, the flaw could still result in unintended memory disclosure or crashes. Version 3.20.0 resolves this vulnerability.
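
The termination gap described above, shown as an added example that is not FreeRDP's code. `msvc_like_snprintf` is a hypothetical portable stand-in for the `_snprintf` truncation behaviour, and the `%s_%u.pem` format, the 16-byte buffer and the host names are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical portable stand-in for MSVC _snprintf: when the output does not
 * fit in `size` bytes it fills the buffer and writes NO terminating NUL. */
static int msvc_like_snprintf(char *dst, size_t size, const char *fmt, ...)
{
    char tmp[512];
    va_list ap;
    va_start(ap, fmt);
    int need = vsnprintf(tmp, sizeof(tmp), fmt, ap);
    va_end(ap);
    if (need < 0 || (size_t)need >= sizeof(tmp))
        return -1;
    if ((size_t)need < size) {
        memcpy(dst, tmp, (size_t)need + 1); /* fits, NUL included */
        return need;
    }
    memcpy(dst, tmp, size);                 /* exactly full or truncated: no NUL */
    return ((size_t)need == size) ? need : -1;
}

/* Bounded check for a terminator; never reads past the buffer. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Unchecked pattern: returns 1 if the 16-byte name buffer ended up terminated. */
static int unchecked_name_is_terminated(const char *host)
{
    char name[16];
    memset(name, 'A', sizeof(name)); /* simulate stale memory contents */
    msvc_like_snprintf(name, sizeof(name), "%s_%u.pem", host, 3389u);
    return is_terminated(name, sizeof(name));
}

/* Hardened pattern: always terminate, and reject names that did not fit.
 * Returns 0 on success, -1 on truncation. */
static int build_cache_name(char *dst, size_t size, const char *host, unsigned port)
{
    if (size == 0)
        return -1;
    int n = msvc_like_snprintf(dst, size, "%s_%u.pem", host, port);
    dst[size - 1] = '\0';
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}
```

The exact-fit case matters as much as the overflow case: output of exactly 16 characters also leaves the buffer without a terminator, which is why the hardened wrapper treats `n >= size` as a failure.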

Affected Version(s)

FreeRDP < 3.20.0

References

CVSS V4

Score:
6.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
