CVE-2025-27480: 
vulnerability analysis and mitigation

CVE-2025-27480 is a Critical Remote Code Execution (RCE) vulnerability affecting Microsoft Windows Remote Desktop Gateway Service. The vulnerability was disclosed on April 8, 2025, and affects systems running the Remote Desktop Gateway role. This use-after-free vulnerability allows unauthorized attackers to execute code over a network without requiring user interaction (NVD, CrowdStrike).

The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The exploitation requires the attacker to win a race condition when connecting to systems running the Remote Desktop Gateway role. The vulnerability specifically involves memory handling issues in the Remote Desktop Gateway Service (NVD, ZDI).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code on affected systems with elevated privileges. Since no user interaction is required and the attack can be performed remotely over the network, this vulnerability is considered wormable, making it particularly dangerous for systems exposed to the internet (CrowdStrike).

Microsoft has released security updates to address this vulnerability as part of the April 2025 Patch Tuesday. Organizations are advised to test and deploy these patches quickly. For systems that cannot be immediately patched, it is recommended to restrict RDS access to known IP addresses and users. RDS should not be exposed directly to the internet without proper security controls (CrowdStrike).