CVE-2025-32715: 
vulnerability analysis and mitigation

The Remote Desktop Protocol Client Information Disclosure Vulnerability (CVE-2025-32715) is an out-of-bounds read vulnerability affecting the Remote Desktop Client, disclosed on June 10, 2025. This security flaw allows an unauthorized attacker to disclose information over a network (NVD, Wiz).

The vulnerability is classified as an out-of-bounds read (CWE-125) affecting the Remote Desktop Client. It has been assigned a CVSS v3.1 base score of 6.5 (Medium severity) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires user interaction, can be exploited over the network, and has high confidentiality impact but no integrity or availability impact (NVD, Wiz).

The vulnerability primarily impacts system confidentiality, allowing unauthorized attackers to disclose information over a network through the Remote Desktop Client. The focus is specifically on information disclosure with no reported impact on system integrity or availability (NVD).

Microsoft has released security updates to address this vulnerability as part of their June 2025 Patch Tuesday updates. Multiple patches are available across different Windows versions, including Windows 10, Windows 11, and various Windows Server editions. Users are strongly advised to apply these security updates to protect against the information disclosure vulnerability (Rapid7).