CVE-2025-48817: 
vulnerability analysis and mitigation

A critical vulnerability (CVE-2025-48817) was discovered in the Microsoft Remote Desktop Client, identified on July 8, 2025. The vulnerability allows an unauthorized attacker to execute code over a network through a relative path traversal attack. This security flaw affects multiple versions of Windows operating systems, including Windows Server editions and Windows desktop versions (NVD, MITRE CVE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The flaw is categorized under two CWE categories: CWE-284 (Improper Access Control) and CWE-23 (Relative Path Traversal). The vulnerability affects Remote Desktop client versions prior to 1.2.6353.0 (NVD, Qualys Alert).

The vulnerability poses a significant security risk as successful exploitation could allow an unauthorized attacker to execute arbitrary code with network access. This could potentially lead to complete system compromise, affecting the confidentiality, integrity, and availability of the targeted system (NVD).

Microsoft has released security updates to address this vulnerability. Users are strongly advised to update their Remote Desktop Client to version 1.2.6353.0 or later. The updates are available through the standard Windows Update mechanism and can be manually downloaded from the Microsoft Update Catalog (Qualys Alert).