CVE-2025-32710: 
vulnerability analysis and mitigation

CVE-2025-32710 is a critical remote code execution vulnerability affecting Windows Remote Desktop Services, disclosed on June 10, 2025, as part of Microsoft's June 2025 Patch Tuesday updates. The vulnerability is classified as a use-after-free issue that allows an unauthorized attacker to execute code over a network (Wiz, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with the vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. It is classified under both CWE-416 (Use After Free) and CWE-362 (Race Condition). The flaw specifically affects systems running the Remote Desktop Gateway role and requires the adversary to win a race condition when connecting to affected systems (NVD, CrowdStrike).

If successfully exploited, this vulnerability allows an unauthorized attacker to execute arbitrary code on the affected system over a network. The high CVSS score indicates that successful exploitation could lead to complete system compromise, affecting the confidentiality, integrity, and availability of the target system (Wiz).

Microsoft has released a security update to address this vulnerability as part of the June 2025 Patch Tuesday updates. Organizations are strongly advised to apply the available patches as soon as possible (Wiz).